Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
  max time kernel:  119s
  max time network: 120s
  platform:         windows7_x64
  resource:         win7-20240705-en
  resource tags:    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  submitted:        10/08/2024, 15:48
Static task
  static1

Behavioral task
  behavioral1
  Sample:   86acd4ced6bf74996711a9a6fe207371_JaffaCakes118.dll
  Resource: win7-20240705-en

Behavioral task
  behavioral2
  Sample:   86acd4ced6bf74996711a9a6fe207371_JaffaCakes118.dll
  Resource: win10v2004-20240802-en
General
  Target: 86acd4ced6bf74996711a9a6fe207371_JaffaCakes118.dll
  Size:   32KB
  MD5:    86acd4ced6bf74996711a9a6fe207371
  SHA1:   3b82b2b29bebc006296ab6176e844dbb578977ab
  SHA256: 511c97ac9cd9c457856b13f78f792456b6a35800ed10553f3e7fbd1c8f685131
  SHA512: cde0a64901132d5dcce0a8d423e4a190f198b294f045206b7014c68759935065abca2ea58d5eda1931d9ceab7079c204a7fb4c606aedeca0591cd07c74641507
  SSDEEP: 384:B59+PbhI7kZp9LootKgKcYJbiUN7Zt5jJ0Nv1HLIs9DpCdSn0ZyaxD8sIHomTp1/:5+ThI7GqgY3Fz5tkv1HXR0ZyaxYswV/
Malware Config
Signatures

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  description   ioc                                                          Process
  Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  regsvr32.exe

Suspicious use of WriteProcessMemory (7 IoCs)

  description              pid   Process       procid_target
  PID 3044 wrote to memory of 3040   3044  regsvr32.exe  30
  PID 3044 wrote to memory of 3040   3044  regsvr32.exe  30
  PID 3044 wrote to memory of 3040   3044  regsvr32.exe  30
  PID 3044 wrote to memory of 3040   3044  regsvr32.exe  30
  PID 3044 wrote to memory of 3040   3044  regsvr32.exe  30
  PID 3044 wrote to memory of 3040   3044  regsvr32.exe  30
  PID 3044 wrote to memory of 3040   3044  regsvr32.exe  30
Processes

  [1] C:\Windows\system32\regsvr32.exe
      Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\86acd4ced6bf74996711a9a6fe207371_JaffaCakes118.dll
      PID: 3044
      - Suspicious use of WriteProcessMemory

      [2] C:\Windows\SysWOW64\regsvr32.exe
          Command line: /s C:\Users\Admin\AppData\Local\Temp\86acd4ced6bf74996711a9a6fe207371_JaffaCakes118.dll
          PID: 3040
          - System Location Discovery: System Language Discovery