Analysis
max time kernel: 132s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/08/2024, 15:01
Behavioral task
behavioral1
Sample: ab7b4604f0fa631d9c6d8ef1dcdc0919_JaffaCakes118.dll
Resource: win7-20240708-en
3 signatures
150 seconds
General
Target: ab7b4604f0fa631d9c6d8ef1dcdc0919_JaffaCakes118.dll
Size: 80KB
MD5: ab7b4604f0fa631d9c6d8ef1dcdc0919
SHA1: 70c7b321e4f2aafa00dd0f7e0758d49fa3ab3fc1
SHA256: a650d07d7891b95697d7090fea20ce86e3e32dc68e3c5443d048d86ac40a23d0
SHA512: d9c2340e0025b41bc93983a54196b19dfba509e8cdc422042389f1b9995bed14431adb9a78f2cd0879dc64c9f9e8f647b71b1238d7c8b993496ed0dedf5464e1
SSDEEP: 1536:Bm1NGJVGvyS2izHdaUUQBwWxMXA9+MtpJIwyGfuV7bOD7gxlsXabc2:kX0VjWVzH9yGmVPucBA2
Malware Config
Signatures
resource: behavioral2/memory/4832-0-0x0000000010000000-0x0000000010013000-memory.dmp, yara_rule: upx
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; Process: rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1288 wrote to memory of 4832 | 1288 | rundll32.exe | 84
PID 1288 wrote to memory of 4832 | 1288 | rundll32.exe | 84
PID 1288 wrote to memory of 4832 | 1288 | rundll32.exe | 84
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab7b4604f0fa631d9c6d8ef1dcdc0919_JaffaCakes118.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  PID: 1288
  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab7b4604f0fa631d9c6d8ef1dcdc0919_JaffaCakes118.dll,#1
    signatures: System Location Discovery: System Language Discovery
    PID: 4832
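Triage helper for the Signatures and Processes sections above. This is an added example, not code from the Hatching Triage report or from the sample: it parses the flattened signature rows exactly as they appear on this page (the embedded input is copied from those rows) and classifies each cross-process write. The classification heuristic is mine, not Triage's: a 64-bit rundll32.exe in System32 writing into a rundll32.exe in SysWOW64 matches the relaunch that rundll32 performs when it is handed a 32-bit DLL on 64-bit Windows, so that pattern on its own is not evidence of injection, whereas the same parent writing into any other process would be. The registry check flags opens of the NLS\Language key, which is what the System Language Discovery signature (ATT&CK T1614.001) is keyed on. All function and class names are my own.

```python
"""Classify the WriteProcessMemory and registry IoCs from a Triage report page.

Added example; the heuristic and the names below are the editor's, not Triage's.
"""
import re
from dataclasses import dataclass

# Constructed input: the three WriteProcessMemory rows copied from the report above.
WPM_ROWS = """PID 1288 wrote to memory of 4832 1288 rundll32.exe 84
PID 1288 wrote to memory of 4832 1288 rundll32.exe 84
PID 1288 wrote to memory of 4832 1288 rundll32.exe 84"""

# Constructed input: PID -> image path, taken from the Processes tree above.
PROCESSES = {
    1288: r"C:\Windows\system32\rundll32.exe",
    4832: r"C:\Windows\SysWOW64\rundll32.exe",
}

# Constructed input: the single registry IoC row from the report above.
REGISTRY_ROWS = r"Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe"

# Row layout on the page: "PID <src> wrote to memory of <dst> <pid> <process> <procid_target>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
REG_RE = re.compile(r"Key opened (\S+) (\S+)")


@dataclass(frozen=True)
class Write:
    source_pid: int
    target_pid: int
    source_image: str
    target_image: str


def parse_writes(text, processes):
    """Turn the flattened WriteProcessMemory rows into Write records with image paths."""
    writes = []
    for m in WPM_RE.finditer(text):
        src, dst = int(m.group(1)), int(m.group(2))
        writes.append(Write(src, dst, processes.get(src, "?"), processes.get(dst, "?")))
    return writes


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def _parent_dir(path):
    parts = path.rsplit("\\", 2)
    return parts[-2].lower() if len(parts) == 3 else ""


def classify_write(w):
    """Heuristic (mine): System32 rundll32 -> SysWOW64 rundll32 is the WoW64 relaunch
    of a 32-bit DLL; any other cross-process write deserves an injection hypothesis."""
    if (_basename(w.source_image) == _basename(w.target_image) == "rundll32.exe"
            and _parent_dir(w.source_image) == "system32"
            and _parent_dir(w.target_image) == "syswow64"):
        return "wow64-relaunch"
    return "possible-injection"


def summarize_writes(writes):
    """Collapse repeated rows (Triage emits one row per WriteProcessMemory call)."""
    counts = {}
    for w in writes:
        key = (w.source_pid, w.target_pid, classify_write(w))
        counts[key] = counts.get(key, 0) + 1
    return counts


def language_discovery_keys(text):
    """Return (key, process) for registry opens of ...\\Control\\NLS\\Language (T1614.001)."""
    hits = []
    for m in REG_RE.finditer(text):
        key, proc = m.group(1), m.group(2)
        if key.lower().endswith(r"\control\nls\language"):
            hits.append((key, proc))
    return hits


if __name__ == "__main__":
    for (src, dst, verdict), n in summarize_writes(parse_writes(WPM_ROWS, PROCESSES)).items():
        print(f"{src} -> {dst}: {verdict} ({n} calls)")
    for key, proc in language_discovery_keys(REGISTRY_ROWS):
        print(f"{proc} opened {key}: system language discovery")
```

On this report the three identical rows collapse to one 1288 -> 4832 edge labelled wow64-relaunch, and the single registry IoC is flagged as language discovery; a parent writing into a process that is not its own SysWOW64 counterpart (explorer.exe, for instance) comes back as possible-injection and is what actually warrants a closer look at the memory dumps.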