Analysis
max time kernel: 13s
max time network: 19s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 15/07/2024, 05:37
Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: 4871648ef8b37504b19ff67283a2a658_JaffaCakes118.dll
Resource: win7-20240704-en
2 signatures
150 seconds

Behavioral task
behavioral2
Sample: 4871648ef8b37504b19ff67283a2a658_JaffaCakes118.dll
Resource: win10v2004-20240709-en
2 signatures
150 seconds
General
Target: 4871648ef8b37504b19ff67283a2a658_JaffaCakes118.dll
Size: 55KB
MD5: 4871648ef8b37504b19ff67283a2a658
SHA1: 3c935116d55e05be3126da7398e0e00264ac176e
SHA256: ca9d2560043605778fba91f71ec680a5f9e4f324b8425dcaf4096fb8961ad02d
SHA512: 4deb6b97d87234f3ffd29bf7490728371285162fa2e7de579fca35dd37703a4380cf1f732c0ee8103969bd4a8602ae6a260d80cea5b7d310b939ebb7b3b248ac
SSDEEP: 1536:FX/4isLma94WeamYtm8sJX456F2gKTg+W+LUo:lds394UmYtm3FWg+W+LU
Score
1/10
Malware Config
Signatures

Suspicious behavior: EnumeratesProcesses (1 IoCs)
pid   Process
1916  rundll32.exe

Suspicious use of WriteProcessMemory (8 IoCs)
description                       pid   Process       procid_target
PID 1612 wrote to memory of 1916  1612  rundll32.exe  30
PID 1612 wrote to memory of 1916  1612  rundll32.exe  30
PID 1612 wrote to memory of 1916  1612  rundll32.exe  30
PID 1612 wrote to memory of 1916  1612  rundll32.exe  30
PID 1612 wrote to memory of 1916  1612  rundll32.exe  30
PID 1612 wrote to memory of 1916  1612  rundll32.exe  30
PID 1612 wrote to memory of 1916  1612  rundll32.exe  30
PID 1916 wrote to memory of 1200  1916  rundll32.exe  21
Processes

C:\Windows\Explorer.EXE
  Command line: C:\Windows\Explorer.EXE
  PID: 1200

  C:\Windows\system32\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\4871648ef8b37504b19ff67283a2a658_JaffaCakes118.dll,#1
    - Suspicious use of WriteProcessMemory
    PID: 1612

    C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\4871648ef8b37504b19ff67283a2a658_JaffaCakes118.dll,#1
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of WriteProcessMemory
      PID: 1916