Analysis
max time kernel: 136s
max time network: 129s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/08/2024, 18:03
Static task: static1
Behavioral task: behavioral1
Sample: ac05f3e3c0774eac69ed06a6d2cbb543_JaffaCakes118.dll
Resource: win7-20240729-en
General
Target: ac05f3e3c0774eac69ed06a6d2cbb543_JaffaCakes118.dll
Size: 436KB
MD5: ac05f3e3c0774eac69ed06a6d2cbb543
SHA1: 48f8b34ec60a0469c03f4ced8250720cde961383
SHA256: cb6ffd40086f791f484e4e35e2a3fbf0fdf112cd6f9f749478e831ac8e8e1106
SHA512: 0c20771add113db39b4b753e7cfd6458cbf0dd7b81cfb0f73a9a0d471acd9dd6c76668c0b8a478c273798466869f8ca4ef0154e6f29f2df969540ee69f7682f3
SSDEEP: 12288:6Kc3Y0IDPO3RZIqOVCUlcOQ+tuYw7dmvxdtLMkOa:zcI0I2ZIqzcu+vw7QxLv
Malware Config
Signatures
- Identifies Wine through registry keys (2 TTPs, 1 IoC)
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
  description: Key opened
  ioc: \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Wine
  process: rundll32.exe
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  process: rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 5104 wrote to memory of 3040 | pid: 5104 | process: rundll32.exe | procid_target: 84
  description: PID 5104 wrote to memory of 3040 | pid: 5104 | process: rundll32.exe | procid_target: 84
  description: PID 5104 wrote to memory of 3040 | pid: 5104 | process: rundll32.exe | procid_target: 84
Processes
1. C:\Windows\system32\rundll32.exe
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac05f3e3c0774eac69ed06a6d2cbb543_JaffaCakes118.dll,#1
   PID: 5104
   - Suspicious use of WriteProcessMemory
   2. (child) C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac05f3e3c0774eac69ed06a6d2cbb543_JaffaCakes118.dll,#1
      PID: 3040
      - Identifies Wine through registry keys
      - System Location Discovery: System Language Discovery