Analysis
- max time kernel: 144s
- max time network: 126s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27/07/2024, 06:50
Static task
- static1
Behavioral task
- behavioral1
  Sample: 77437a0b50e0d24375705394fb1c4250_JaffaCakes118.dll
  Resource: win7-20240729-en
Behavioral task
- behavioral2
  Sample: 77437a0b50e0d24375705394fb1c4250_JaffaCakes118.dll
  Resource: win10v2004-20240709-en
General
- Target: 77437a0b50e0d24375705394fb1c4250_JaffaCakes118.dll
- Size: 80KB
- MD5: 77437a0b50e0d24375705394fb1c4250
- SHA1: 33dab606f680fa4ddc3584b88a3b7916802229ba
- SHA256: 03f0a127a17eb8b4d6568286a083ad2b23df53f0685813860f85480ac4af0ccd
- SHA512: c1089e7e81c79e69356a0ef88d112e101c15dcc81d2179268b1645a9294ea7103d4bb57d03faa87f392c287625e98fa13f93fbfe789de41a61d6a46938c7e6b2
- SSDEEP: 1536:cTSuqeSz8NOKFAyMWtGV2039vLcIgn1HUBvWWShrO0XTeMJkE:cTSuqe88N+ybf039cIY10Bv0rO0XTeMJ
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; process: rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 1012 wrote to memory of 1700; pid: 1012; process: rundll32.exe; procid_target: 86
  description: PID 1012 wrote to memory of 1700; pid: 1012; process: rundll32.exe; procid_target: 86
  description: PID 1012 wrote to memory of 1700; pid: 1012; process: rundll32.exe; procid_target: 86
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\77437a0b50e0d24375705394fb1c4250_JaffaCakes118.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID: 1012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\77437a0b50e0d24375705394fb1c4250_JaffaCakes118.dll,#12⤵
  - System Location Discovery: System Language Discovery
  PID: 1700