Analysis
- max time kernel: 120s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 22/07/2024, 23:14
Static task: static1
Behavioral task: behavioral1
- Sample: 65305c54851fcc6b87c05c8a0ae1f585_JaffaCakes118.dll
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 65305c54851fcc6b87c05c8a0ae1f585_JaffaCakes118.dll
- Resource: win10v2004-20240709-en
General
- Target: 65305c54851fcc6b87c05c8a0ae1f585_JaffaCakes118.dll
- Size: 16KB
- MD5: 65305c54851fcc6b87c05c8a0ae1f585
- SHA1: 1f5e77dd7de3cafc80e0df5e6241780706ecfdb5
- SHA256: 06de8665df0346a0f5dc8d20c1c4a5d182420d2b3ceb1f9dc8e0f247e53de8d7
- SHA512: 66665a7f817fc240d6a2844b97b6cba3774fe584ba18e8ea510ed1d84d4c564ab4a0d24df59a206568b103715c6107f28510c45bdff0541e5c429e9a29539e97
- SSDEEP: 384:pO+IirYOgmA9x2ojy0+kjzjhUlmbuDJihqSHuJWN7uCiCfOze:pKiOtxAGfhUlvDJuJHue
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 2304 wrote to memory of 496 | 2304 | rundll32.exe | 30
  PID 2304 wrote to memory of 496 | 2304 | rundll32.exe | 30
  PID 2304 wrote to memory of 496 | 2304 | rundll32.exe | 30
  PID 2304 wrote to memory of 496 | 2304 | rundll32.exe | 30
  PID 2304 wrote to memory of 496 | 2304 | rundll32.exe | 30
  PID 2304 wrote to memory of 496 | 2304 | rundll32.exe | 30
  PID 2304 wrote to memory of 496 | 2304 | rundll32.exe | 30
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\65305c54851fcc6b87c05c8a0ae1f585_JaffaCakes118.dll,#1
  PID: 2304
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\65305c54851fcc6b87c05c8a0ae1f585_JaffaCakes118.dll,#1
    PID: 496