Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 23/07/2024, 02:11
Static task: static1
- 1 signature

Behavioral task: behavioral1
- Sample: 65bebcea3615b74db99d8d3945f126ca_JaffaCakes118.dll
- Resource: win7-20240704-en
- 1 signature
- 150 seconds

Behavioral task: behavioral2
- Sample: 65bebcea3615b74db99d8d3945f126ca_JaffaCakes118.dll
- Resource: win10v2004-20240709-en
- 2 signatures
- 150 seconds
General
- Target: 65bebcea3615b74db99d8d3945f126ca_JaffaCakes118.dll
- Size: 15KB
- MD5: 65bebcea3615b74db99d8d3945f126ca
- SHA1: fd7dbc214f10cf44e00b778d6a12fb675fa7ad59
- SHA256: c4de095e620fdb3ae746863f5a063a9245ab2f66d8086d785268935337580679
- SHA512: 1f9068098ed30cd2ab7f9d41f354e7caa2905ed3729507c4c958a9cdf2f3ba8ec66e628cbd36fdfe6264447713ce40d8e841bab6886031f54d306c007312e397
- SSDEEP: 384:o0Kv2cI3KFQF77iiRUfcYKBNQ37Aue59/VP:vnf7ccNN6cua99
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

description | pid | Process | procid_target
PID 2700 wrote to memory of 2852 | 2700 | rundll32.exe | 30
PID 2700 wrote to memory of 2852 | 2700 | rundll32.exe | 30
PID 2700 wrote to memory of 2852 | 2700 | rundll32.exe | 30
PID 2700 wrote to memory of 2852 | 2700 | rundll32.exe | 30
PID 2700 wrote to memory of 2852 | 2700 | rundll32.exe | 30
PID 2700 wrote to memory of 2852 | 2700 | rundll32.exe | 30
PID 2700 wrote to memory of 2852 | 2700 | rundll32.exe | 30
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\65bebcea3615b74db99d8d3945f126ca_JaffaCakes118.dll,#1
  PID: 2700
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\65bebcea3615b74db99d8d3945f126ca_JaffaCakes118.dll,#1
    PID: 2852