Analysis
- max time kernel: 93s
- max time network: 125s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 18/07/2024, 10:05
Static task
static1
Behavioral task
behavioral1
- Sample: 56e4ebe68c44b61e9984cc6c70d4383e_JaffaCakes118.dll
- Resource: win7-20240708-en
Behavioral task
behavioral2
- Sample: 56e4ebe68c44b61e9984cc6c70d4383e_JaffaCakes118.dll
- Resource: win10v2004-20240709-en
General
- Target: 56e4ebe68c44b61e9984cc6c70d4383e_JaffaCakes118.dll
- Size: 340KB
- MD5: 56e4ebe68c44b61e9984cc6c70d4383e
- SHA1: d590cc8ca9093d1d27cb7d827680d111c91ebe95
- SHA256: c265e0b5b45cce5e7ca8ac96e4e7d0bc77bbcb71d1e8ce752179452315d48ba0
- SHA512: 3b9aa43b2576cf170f903c145597289edf0e4c81b1f0d7c2609e5862643d3aca4920c540ab9ae6eb15c3642fcb7b9938f34ccd6ce71c9ee976e1814894585c06
- SSDEEP: 3072:1vA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXHWP:1206xWgGxLxWN40PDKR/JnX2P
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4540 wrote to memory of 848 | 4540 | rundll32.exe | 84
  PID 4540 wrote to memory of 848 | 4540 | rundll32.exe | 84
  PID 4540 wrote to memory of 848 | 4540 | rundll32.exe | 84
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\56e4ebe68c44b61e9984cc6c70d4383e_JaffaCakes118.dll,#11
  Suspicious use of WriteProcessMemory
  PID: 4540
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\56e4ebe68c44b61e9984cc6c70d4383e_JaffaCakes118.dll,#12
    PID: 848