Analysis
max time kernel: 149s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/07/2024, 18:25
Static task: static1
Behavioral task: behavioral1
Sample: 4ade80cb3522fc3caee9be4c2cf33071_JaffaCakes118.dll
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 4ade80cb3522fc3caee9be4c2cf33071_JaffaCakes118.dll
Resource: win10v2004-20240709-en
General
Target: 4ade80cb3522fc3caee9be4c2cf33071_JaffaCakes118.dll
Size: 324KB
MD5: 4ade80cb3522fc3caee9be4c2cf33071
SHA1: a0610f4df507f48a25b6575eafc96d7df2f4a619
SHA256: a5ad42aa5321aa196361b6ce4b79c35c036c56a0213152dd1703acc25bc5149c
SHA512: e9c4e2d345fbdd7c5debc72792f1387667a6d77ce530e37687cbcf7ccc58dca2c016e85866758c58386d3bdfb432e602ba3121183e0a34133e4f5e81a95d6229
SSDEEP: 6144:eKtDP9elqi0AOROne1mR2wF+M0ZibHykbxKprM5LDJme3:eKtYlqi09ROne1mRPF+MmCH1tKprMpNF
Malware Config
Signatures
Program crash (1 IoCs)
pid   pid_target  Process       procid_target
3180  3512        WerFault.exe  83

Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process       procid_target
PID 2384 wrote to memory of 3512  2384  regsvr32.exe  83
PID 2384 wrote to memory of 3512  2384  regsvr32.exe  83
PID 2384 wrote to memory of 3512  2384  regsvr32.exe  83
Processes
C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4ade80cb3522fc3caee9be4c2cf33071_JaffaCakes118.dll
  Suspicious use of WriteProcessMemory
  PID:2384
  C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\4ade80cb3522fc3caee9be4c2cf33071_JaffaCakes118.dll
    PID:3512
    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 656
      Program crash
      PID:3180
C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3512 -ip 3512
  PID:2832