Analysis
max time kernel: 140s
max time network: 123s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/07/2024, 22:42
Behavioral task: behavioral1
Sample: 5dfbee20dc676d4c6263cd6f7ab7c777_JaffaCakes118.dll
Resource: win7-20240705-en
1 signature, 150 seconds

Behavioral task: behavioral2
Sample: 5dfbee20dc676d4c6263cd6f7ab7c777_JaffaCakes118.dll
Resource: win10v2004-20240709-en
1 signature, 150 seconds
General
Target: 5dfbee20dc676d4c6263cd6f7ab7c777_JaffaCakes118.dll
Size: 121KB
MD5: 5dfbee20dc676d4c6263cd6f7ab7c777
SHA1: a6c543f585f05b3d186512db0c109b8a7fa2f026
SHA256: 444fdad3a71a6ae49fdc9fb29f29fb138209ab45edc3a54168dc1585321f16b8
SHA512: 57be1ebc52e8290a8a2bb581c93a31cb28ccb4aa23c291a449728428b62656415a92cac8f8ca7359c3f71e4772197bfd67d96706fe7183be5e0272e152ea8c40
SSDEEP: 1536:qJOicqgmfzx8xnhBbgA6U86ee1RCfBISH+ZFZISyiv25LqfSnPrSqXfoUU:oO+Bd8Vh26D1RUBIP6Syin0fPU
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)

description                        pid    Process        procid_target
PID 1736 wrote to memory of 3120   1736   rundll32.exe   84
PID 1736 wrote to memory of 3120   1736   rundll32.exe   84
PID 1736 wrote to memory of 3120   1736   rundll32.exe   84
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\5dfbee20dc676d4c6263cd6f7ab7c777_JaffaCakes118.dll,#11
  Suspicious use of WriteProcessMemory
  PID: 1736
- C:\Windows\SysWOW64\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\5dfbee20dc676d4c6263cd6f7ab7c777_JaffaCakes118.dll,#12
  PID: 3120