Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/07/2024, 05:37
Static task: static1
1 signature

Behavioral task: behavioral1
Sample: 4871648ef8b37504b19ff67283a2a658_JaffaCakes118.dll
Resource: win7-20240704-en
2 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 4871648ef8b37504b19ff67283a2a658_JaffaCakes118.dll
Resource: win10v2004-20240709-en
2 signatures, 150 seconds
General
Target: 4871648ef8b37504b19ff67283a2a658_JaffaCakes118.dll
Size: 55KB
MD5: 4871648ef8b37504b19ff67283a2a658
SHA1: 3c935116d55e05be3126da7398e0e00264ac176e
SHA256: ca9d2560043605778fba91f71ec680a5f9e4f324b8425dcaf4096fb8961ad02d
SHA512: 4deb6b97d87234f3ffd29bf7490728371285162fa2e7de579fca35dd37703a4380cf1f732c0ee8103969bd4a8602ae6a260d80cea5b7d310b939ebb7b3b248ac
SSDEEP: 1536:FX/4isLma94WeamYtm8sJX456F2gKTg+W+LUo:lds394UmYtm3FWg+W+LU
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
pid: 952, pid_target: 3832, Process: WerFault.exe, procid_target: 83

Suspicious use of WriteProcessMemory (3 IoCs)
description: PID 2800 wrote to memory of 3832, pid: 2800, Process: rundll32.exe, procid_target: 83
description: PID 2800 wrote to memory of 3832, pid: 2800, Process: rundll32.exe, procid_target: 83
description: PID 2800 wrote to memory of 3832, pid: 2800, Process: rundll32.exe, procid_target: 83
Processes
- C:\Windows\system32\rundll32.exe (PID 2800)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\4871648ef8b37504b19ff67283a2a658_JaffaCakes118.dll,#1
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 3832)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\4871648ef8b37504b19ff67283a2a658_JaffaCakes118.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe (PID 952)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 624
      Program crash
- C:\Windows\SysWOW64\WerFault.exe (PID 3176)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 3832 -ip 3832