Analysis
max time kernel: 140s
max time network: 127s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17/08/2024, 05:33
Static task: static1
Behavioral task: behavioral1
  Sample: a15dae92b9bcffd3779c81d7e790ffe9_JaffaCakes118.dll
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: a15dae92b9bcffd3779c81d7e790ffe9_JaffaCakes118.dll
  Resource: win10v2004-20240802-en
General
Target: a15dae92b9bcffd3779c81d7e790ffe9_JaffaCakes118.dll
Size: 396KB
MD5: a15dae92b9bcffd3779c81d7e790ffe9
SHA1: 54c152a2a7c13a61c895fd944c2f899ecd64c460
SHA256: f40b7d208ee088d0060464d916749856c5e35b354da66f1bb63514a02aa74a4f
SHA512: 08a84ba7229cebd9aa42d671190e50bd32f85bb270922006d9d29ef6cbe09bcda1ab19df3c00d9e5a50e2b8374d142627f89f17b1ca90b5325e2361aa453ff6b
SSDEEP: 12288:Pog0Jw/irj6XVaU2Y2wiQdRq4m+g9aS/2NG:Px0Jw/irmlaU25wiQdRq4m+tI2E
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened | ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Process: rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4988 wrote to memory of 4992 | 4988 | rundll32.exe | 91
  PID 4988 wrote to memory of 4992 | 4988 | rundll32.exe | 91
  PID 4988 wrote to memory of 4992 | 4988 | rundll32.exe | 91
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a15dae92b9bcffd3779c81d7e790ffe9_JaffaCakes118.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  PID: 4988
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a15dae92b9bcffd3779c81d7e790ffe9_JaffaCakes118.dll,#1
    Signatures: System Location Discovery: System Language Discovery
    PID: 4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3960,i,15436195446242760253,4000484513008731869,262144 --variations-seed-version --mojo-platform-channel-handle=1308 /prefetch:8
  PID: 976