Analysis
- max time kernel: 149s
- max time network: 131s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11/08/2024, 20:44
Static task: static1
Behavioral task: behavioral1
- Sample: 8be6bccabb509ec04ed3ec0cfad0f949_JaffaCakes118.dll
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 8be6bccabb509ec04ed3ec0cfad0f949_JaffaCakes118.dll
- Resource: win10v2004-20240802-en
General
- Target: 8be6bccabb509ec04ed3ec0cfad0f949_JaffaCakes118.dll
- Size: 73KB
- MD5: 8be6bccabb509ec04ed3ec0cfad0f949
- SHA1: e8af85fea2bb31efc27722e6dce8aa7da4928916
- SHA256: 0a4741ce35736b1eba2167ce59a9e66cfb56a7971f88e54d2af2954258290214
- SHA512: 58bd21d876679411331992db741cc9181085a4244e3c16ba62258820ccfb356941f6e8cc71da0c8cee59f8acbe811dcf537fe7140a543aa2c821224ea37ce445
- SSDEEP: 1536:cMOkOCj/WxSvnDt/E7Hqft8K2nz+WO8Cy/J:vgxSvh88M+WO8Cy/J
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened | ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Process: rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 4416 wrote to memory of 2956 | pid: 4416 | Process: rundll32.exe | procid_target: 91
  description: PID 4416 wrote to memory of 2956 | pid: 4416 | Process: rundll32.exe | procid_target: 91
  description: PID 4416 wrote to memory of 2956 | pid: 4416 | Process: rundll32.exe | procid_target: 91
Processes
- C:\Windows\system32\rundll32.exe (PID 4416)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\8be6bccabb509ec04ed3ec0cfad0f949_JaffaCakes118.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 2956)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\8be6bccabb509ec04ed3ec0cfad0f949_JaffaCakes118.dll,#1
    signatures: System Location Discovery: System Language Discovery
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3800)
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4408,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=4400 /prefetch:8