Analysis
- max time kernel: 118s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 19/07/2024, 03:03
Static task
- static1

Behavioral task
- behavioral1
  Sample: 5a36f2f50cdb5156b02522f871f93210_JaffaCakes118.dll
  Resource: win7-20240708-en

Behavioral task
- behavioral2
  Sample: 5a36f2f50cdb5156b02522f871f93210_JaffaCakes118.dll
  Resource: win10v2004-20240709-en
General
- Target: 5a36f2f50cdb5156b02522f871f93210_JaffaCakes118.dll
- Size: 237KB
- MD5: 5a36f2f50cdb5156b02522f871f93210
- SHA1: d3682c98a0b915ac8aeb6c7f8e7b9d98a1b862f9
- SHA256: 77f2649315b6105d946b08f4b4427d0c878ad8de28271d35084774ff99c44a04
- SHA512: 0e3371dd8c6f0c1c5204229feb31288cf989d1ea6c17620174c3fbfaefd96edf318964c41d2ec1dd670a8d56781af2418389013891417b2bdfba414ef874dc9b
- SSDEEP: 3072:8Z3kDzZeRaRFXpwb8TV/Hv4h3IHd0xphLQ2vUitSDbcTM4Iq2Dskiyil9t3G1t:W3kpesi8T9Md38FiYZwGh1t
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 2416 wrote to memory of 2588 | 2416 | rundll32.exe | 30 |
| PID 2416 wrote to memory of 2588 | 2416 | rundll32.exe | 30 |
| PID 2416 wrote to memory of 2588 | 2416 | rundll32.exe | 30 |
| PID 2416 wrote to memory of 2588 | 2416 | rundll32.exe | 30 |
| PID 2416 wrote to memory of 2588 | 2416 | rundll32.exe | 30 |
| PID 2416 wrote to memory of 2588 | 2416 | rundll32.exe | 30 |
| PID 2416 wrote to memory of 2588 | 2416 | rundll32.exe | 30 |
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a36f2f50cdb5156b02522f871f93210_JaffaCakes118.dll,#1
  PID: 2416
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a36f2f50cdb5156b02522f871f93210_JaffaCakes118.dll,#1
    PID: 2588