Analysis
  max time kernel:  141s
  max time network: 96s
  platform:         windows10-2004_x64
  resource:         win10v2004-20240709-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        13/07/2024, 19:30

Static task
  static1

Behavioral task
  behavioral1
    Sample:   430a2036b67df867c36d05da4a7db2cd_JaffaCakes118.dll
    Resource: win7-20240705-en

Behavioral task
  behavioral2
    Sample:   430a2036b67df867c36d05da4a7db2cd_JaffaCakes118.dll
    Resource: win10v2004-20240709-en
General
  Target: 430a2036b67df867c36d05da4a7db2cd_JaffaCakes118.dll
  Size:   23KB
  MD5:    430a2036b67df867c36d05da4a7db2cd
  SHA1:   6c7f51dc2b9168d5ea9220c9443a6cebb95607b8
  SHA256: 78bc720ca6ada82e8b141e33f918ee1de9f69060e772f7cea1c58fe58cd48351
  SHA512: 4b514aee31a01d5fd2d7b528b2c807b1205aad11fe34a5e26ac1747801a14a0e0653c6547150f7dc51501690fdcbe51b011ddc107d9227647e18854e9e8dba33
  SSDEEP: 384:ahmpov1wMsvNWXWKsHSrcaNSYi2vDdbH6DEbse1eaf2U7TQp4odtPTCY8k9xU:fpka91WGdyrqGH68sDaf2UHQp4oHmfkf
Malware Config

Signatures

Maps connected drives based on registry (3 TTPs, 2 IoCs)
Disk information is often read in order to detect sandboxing environments.
  description        ioc                                                          Process
  Key opened         \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum    rundll32.exe
  Key value queried  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0  rundll32.exe

Drops file in Windows directory (2 IoCs)
  description   ioc                       Process
  File created  C:\Windows\linkinfo.dll   rundll32.exe
  File created  C:\Windows\twain_86.dll   rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process       procid_target
  PID 3744 wrote to memory of 5032  3744  rundll32.exe  85
  PID 3744 wrote to memory of 5032  3744  rundll32.exe  85
  PID 3744 wrote to memory of 5032  3744  rundll32.exe  85
Processes

  C:\Windows\system32\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\430a2036b67df867c36d05da4a7db2cd_JaffaCakes118.dll,#1
    PID: 3744
    - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\rundll32.exe  (child of PID 3744)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\430a2036b67df867c36d05da4a7db2cd_JaffaCakes118.dll,#1
      PID: 5032
      - Maps connected drives based on registry
      - Drops file in Windows directory