Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 120s
max time network: 122s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 10/08/2024, 18:14
Behavioral task: behavioral1
Sample: 872008f7342e4d6828ddce53e4401a0a_JaffaCakes118.dll
Resource: win7-20240705-en
Signatures: 2
Run time: 150 seconds
General
Target: 872008f7342e4d6828ddce53e4401a0a_JaffaCakes118.dll
Size: 66KB
MD5: 872008f7342e4d6828ddce53e4401a0a
SHA1: c4986c6e1ab88a68d8a0452b09725baab86d08db
SHA256: 67c808579b1ec4a0da4010109a76b6496bbf8dcb1be18a72e0a0528358c74b7e
SHA512: 96370a4318e560a41f2b11ba5c7f4a896c8ccfe293c9c887c1dab062dcdb5d3f186ec4b2a15f39f9196401338659b7ca67ec584720d0672f9f16bbeae41d8211
SSDEEP: 1536:IykzkaggXAZxDlw/fKAKQvD410VpiN8YxYz047c/Q:IFzkaT42HPvc0VwakYz1Y/Q
Score: 3/10
Malware Config
Signatures

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of the victim host in order to infer its geographical location.

description | ioc                                                              | Process
Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language      | rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
The same row is reported 7 times: the 64-bit rundll32.exe (PID 2536) writing into the SysWOW64 rundll32.exe (PID 2520) it spawned.

description                        | pid  | Process      | procid_target
PID 2536 wrote to memory of 2520   | 2536 | rundll32.exe | 30   (x7)
Processes

C:\Windows\system32\rundll32.exe (PID 2536)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\872008f7342e4d6828ddce53e4401a0a_JaffaCakes118.dll,#1
  signatures: Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe (PID 2520, child of 2536)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\872008f7342e4d6828ddce53e4401a0a_JaffaCakes118.dll,#1
      signatures: System Location Discovery: System Language Discovery
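The two signatures and the process tree above, as an added example that is not part of the tria.ge report or its tooling: a Python triage helper that parses the flattened IoC rows exactly as this page prints them, collapses the seven identical WriteProcessMemory rows, checks from the process tree whether each write targets a child the writer created (a parent writing into a freshly created child is the normal CreateProcess path, which is why that signature alone scores low; a write into an unrelated process is the case worth escalating), detects the 64-bit rundll32 re-launching its SysWOW64 counterpart with the same DLL argument (what happens when a 32-bit DLL is handed to the 64-bit rundll32), and flags the NLS\Language registry read behind the discovery signature. The sample rows, pids, paths and the `,#1` ordinal are copied from the report; the function names, the parent pid of the first process (not shown on the page, so set to None) and the extra cross-process row in the usage check are mine.

```python
import re
from collections import Counter

# Constructed input: the IoC rows and process tree as the tria.ge report above
# prints them (the seven WriteProcessMemory rows really are identical).
WPM_LINES = ["PID 2536 wrote to memory of 2520 2536 rundll32.exe 30"] * 7
REG_LINES = [r"Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe"]

DLL_ARG = r"C:\Users\Admin\AppData\Local\Temp\872008f7342e4d6828ddce53e4401a0a_JaffaCakes118.dll,#1"
# (pid, parent pid, image path, command line). The report does not show the
# parent of the first rundll32, so its parent is None (assumption).
PROCESSES = [
    (2536, None, r"C:\Windows\system32\rundll32.exe", "rundll32.exe " + DLL_ARG),
    (2520, 2536, r"C:\Windows\SysWOW64\rundll32.exe", "rundll32.exe " + DLL_ARG),
]

# Row layouts: "PID <src> wrote to memory of <dst> <pid> <image> <procid_target>"
#              "Key opened <key> <image>"
WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")
REG_RE = re.compile(r"^Key opened (\S+) (\S+)$")


def parse_wpm(lines):
    """Turn the flattened WriteProcessMemory rows into dicts, one per row."""
    events = []
    for line in lines:
        m = WPM_RE.match(line.strip())
        if m is None:
            raise ValueError(f"unrecognised WriteProcessMemory row: {line!r}")
        src, dst, _pid, image, target = m.groups()
        events.append({"src": int(src), "dst": int(dst), "image": image,
                       "procid_target": int(target)})
    return events


def parse_registry(lines):
    """Turn 'Key opened <key> <process>' rows into dicts."""
    events = []
    for line in lines:
        m = REG_RE.match(line.strip())
        if m is None:
            raise ValueError(f"unrecognised registry row: {line!r}")
        events.append({"key": m.group(1), "process": m.group(2)})
    return events


def parent_of(pid, procs):
    """Parent pid from the process tree, or None if the pid is not listed."""
    for p, ppid, _image, _cmd in procs:
        if p == pid:
            return ppid
    return None


def classify_wpm(events, procs):
    """Collapse duplicate rows and label each writer/target pair.

    A parent writing into a child it has just created is what CreateProcess
    does anyway (startup parameters land in the new process), so such pairs
    are low signal; a write into an unrelated process is the interesting case.
    """
    counts = Counter((e["src"], e["dst"]) for e in events)
    return [{"src": src, "dst": dst, "count": n,
             "kind": "parent->child" if parent_of(dst, procs) == src else "cross-process"}
            for (src, dst), n in counts.items()]


def _args(cmdline):
    """Everything after the program token of a command line."""
    parts = cmdline.split(None, 1)
    return parts[1] if len(parts) == 2 else ""


def is_wow64_relaunch(procs):
    """True when a System32 rundll32 spawns a SysWOW64 rundll32 with the same
    arguments: the 64-bit host re-launching as 32-bit to load a 32-bit DLL."""
    by_pid = {p[0]: p for p in procs}
    for _pid, ppid, image, cmd in procs:
        parent = by_pid.get(ppid)
        if parent is None:
            continue
        _, _, pimage, pcmd = parent
        if (pimage.lower().endswith(r"\system32\rundll32.exe")
                and image.lower().endswith(r"\syswow64\rundll32.exe")
                and _args(cmd) == _args(pcmd)):
            return True
    return False


def language_discovery(reg_events):
    """Reads of the NLS\\Language key, the IoC behind the discovery signature."""
    return [e for e in reg_events if e["key"].lower().endswith(r"\nls\language")]


def triage(wpm_lines, reg_lines, procs):
    """Summarise the report's two signatures into one findings dict."""
    return {
        "write_process_memory": classify_wpm(parse_wpm(wpm_lines), procs),
        "wow64_relaunch": is_wow64_relaunch(procs),
        "language_discovery": language_discovery(parse_registry(reg_lines)),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(WPM_LINES, REG_LINES, PROCESSES), indent=2))
```

Run as-is it reports one parent->child write pair with count 7, a WoW64 relaunch, and one NLS\Language read, which matches the 3/10 score on this page: nothing here is a write into a process the sample did not itself create. Feeding it a row such as `PID 2520 wrote to memory of 1234 ...` (a pid absent from the tree) yields `cross-process`, the variant that deserves a closer look.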