Analysis
  max time kernel:   148s
  max time network:  153s
  platform:          windows10-2004_x64
  resource:          win10v2004-20240709-en
  resource tags:     arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  submitted:         26/07/2024, 08:42
Static task: static1

Behavioral task: behavioral1
  Sample:   7356ec6890d76f78ababe19959582d65_JaffaCakes118.dll
  Resource: win7-20240704-en

Behavioral task: behavioral2
  Sample:   7356ec6890d76f78ababe19959582d65_JaffaCakes118.dll
  Resource: win10v2004-20240709-en
General
  Target: 7356ec6890d76f78ababe19959582d65_JaffaCakes118.dll
  Size:   340KB
  MD5:    7356ec6890d76f78ababe19959582d65
  SHA1:   1e8ccd1b00994f95112cb61981116addff050b3f
  SHA256: 9aa464664691641ddc4a2d0a52a559e294f63a68bda3cb532e0b8871869bc1b4
  SHA512: 22075aac93f3834364d1fc35ba75e6517a71725aa887891bc59fffe818eb62fb2ef4e725ffacb0afbafde99e2624769d5d7ef6ac9a4ee887473db7a263430096
  SSDEEP: 3072:ivA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXRca:i206xWgGxLxWN40PDKR/JnXya
Malware Config
Signatures

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description   ioc                                                           Process
  Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                         pid    Process        procid_target
  PID 1576 wrote to memory of 3380    1576   rundll32.exe   84
  PID 1576 wrote to memory of 3380    1576   rundll32.exe   84
  PID 1576 wrote to memory of 3380    1576   rundll32.exe   84
Processes
  C:\Windows\system32\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7356ec6890d76f78ababe19959582d65_JaffaCakes118.dll,#1
    PID: 1576
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7356ec6890d76f78ababe19959582d65_JaffaCakes118.dll,#1
      PID: 3380
      - System Location Discovery: System Language Discovery