Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/07/2024, 09:52 UTC

General

  • Target

    4dcb68519c1d9117d50e0b3677a4ef98_JaffaCakes118.dll

  • Size

    223KB

  • MD5

    4dcb68519c1d9117d50e0b3677a4ef98

  • SHA1

    9de36ef9879be97d5426a00a75c92a3ebecb1bc3

  • SHA256

    1027d7b160ab7f1eb1aaaceaecc78f17e14f4f360e7fd0c0d89edee4d6dd7c8d

  • SHA512

    bc47a4f2118308a451c0f1b44e5b09aa2d485b8b11a1e45136edf4db7dd25131ded73435f7a5059b31ea0bdfeb477f409635b892d72685d2ff447eff3d613fb1

  • SSDEEP

    3072:cJvIKcHr3Fqgird5nRn35T6/3PkUg7S3m9JcxfWf1Zk3QZDKcrIstA:cJQK8bFqVr7n94jg+aJc1M2mJEstA

Score
8/10

Malware Config

Signatures

  • Server Software Component: Terminal Services DLL 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4dcb68519c1d9117d50e0b3677a4ef98_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1996
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\4dcb68519c1d9117d50e0b3677a4ef98_JaffaCakes118.dll
      2⤵
      • Server Software Component: Terminal Services DLL
      PID:1420
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k 4dcb68519c1d9117d50e0b3677a4ef98_JaffaCakes118
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2404

Network

MITRE ATT&CK Enterprise v15


Downloads
