Analysis
max time kernel: 131s
max time network: 127s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/08/2024, 16:25
Static task: static1
Behavioral task: behavioral1
  Sample: aff48f6228ae2e29f8e77b58cd0aedc6_JaffaCakes118.dll
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: aff48f6228ae2e29f8e77b58cd0aedc6_JaffaCakes118.dll
  Resource: win10v2004-20240802-en
General
Target: aff48f6228ae2e29f8e77b58cd0aedc6_JaffaCakes118.dll
Size: 40KB
MD5: aff48f6228ae2e29f8e77b58cd0aedc6
SHA1: a6f5b70faddabfc76bb8f7f7bbbe27cffa756e6f
SHA256: 561598af897fe2b2b4a575ce6f096ad0c58187919a3289acb430293d21991a9b
SHA512: 7de401a5d558ddee438f2774b2c7c46242df7965fe9c65916ef0cd7927b190d93c937f66c147a94a32040a18eaa3316a41d8589416808a208c9e491fb067a1fc
SSDEEP: 384:b8ugiu4RW00BIn4PatOKkzfsphC0Pbac06qjrdelhrjtQxS7vW/W:bHg8RBf4StDifohbQrdAhfR
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  process: rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 5052 wrote to memory of 4400
  pid: 5052
  process: rundll32.exe
  procid_target: 84
  (the same source/target pair is reported three times; note that PID 4400 is the child that PID 5052 spawned, see Processes below)
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\aff48f6228ae2e29f8e77b58cd0aedc6_JaffaCakes118.dll,#1
  PID: 5052
  - Suspicious use of WriteProcessMemory
  └ C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\aff48f6228ae2e29f8e77b58cd0aedc6_JaffaCakes118.dll,#1
      PID: 4400
      - System Location Discovery: System Language Discovery

The 64-bit rundll32 in System32 cannot load a 32-bit DLL; when handed one it relaunches the 32-bit rundll32 from SysWOW64 with the same DLL and entry point (ordinal #1 here). That is exactly the tree above, and it matches the arch:x86 resource tag. The WriteProcessMemory events from PID 5052 into PID 4400 are therefore consistent with that parent-to-child relaunch rather than with injection into an unrelated process; the DLL's own behaviour (the NLS\Language registry read) is observed in the 32-bit child, PID 4400.
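As an added example (not part of the Triage report or its tooling), the following Python triages WriteProcessMemory rows like the ones above: it parses the rundll32 command line into DLL and entry point, recognises the System32 -> SysWOW64 rundll32 relaunch with identical arguments as expected, and flags writes into any other process. The process records are constructed from this report's tree (PIDs 5052 and 4400); the explorer.exe process (PID 1234) and the write into it are invented here only to show the contrasting verdict and do not appear in the report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# rundll32 command line shape: "rundll32.exe <dll>,<entry>", entry is an export name or "#ordinal"
RUNDLL_RE = re.compile(
    r"^rundll32(?:\.exe)?\s+(?P<dll>.+?),\s*(?P<entry>#?\w+)\s*$", re.IGNORECASE
)


@dataclass(frozen=True)
class Process:
    pid: int
    ppid: Optional[int]
    image: str      # full image path as the sandbox recorded it
    cmdline: str


@dataclass(frozen=True)
class MemWrite:
    source_pid: int
    target_pid: int


def parse_rundll32(cmdline: str) -> Optional[Dict[str, str]]:
    """Return {'dll': ..., 'entry': ...} for a rundll32 command line, else None."""
    m = RUNDLL_RE.match(cmdline.strip())
    if not m:
        return None
    return {"dll": m.group("dll").strip().strip('"'), "entry": m.group("entry")}


def is_wow64_relaunch(parent: Process, child: Process) -> bool:
    """True when the 64-bit rundll32 (System32) spawned the 32-bit one (SysWOW64)
    with the same DLL and entry point. rundll32 does this whenever it is handed a
    32-bit DLL, so the parent's WriteProcessMemory into the child is the normal
    process-creation handoff rather than injection into a foreign process."""
    if child.ppid != parent.pid:
        return False
    p_img, c_img = parent.image.lower(), child.image.lower()
    if not (p_img.endswith(r"\system32\rundll32.exe")
            and c_img.endswith(r"\syswow64\rundll32.exe")):
        return False
    p_args, c_args = parse_rundll32(parent.cmdline), parse_rundll32(child.cmdline)
    return p_args is not None and p_args == c_args


def classify_writes(processes: List[Process],
                    writes: List[MemWrite]) -> Dict[Tuple[int, int], str]:
    """Label each distinct (source, target) WriteProcessMemory pair."""
    by_pid = {p.pid: p for p in processes}
    verdicts: Dict[Tuple[int, int], str] = {}
    for w in writes:
        key = (w.source_pid, w.target_pid)
        if key in verdicts:
            continue                      # the sandbox repeats identical rows
        src, dst = by_pid.get(w.source_pid), by_pid.get(w.target_pid)
        if src and dst and is_wow64_relaunch(src, dst):
            verdicts[key] = "expected: WoW64 rundll32 relaunch"
        elif dst is not None and dst.ppid == w.source_pid:
            verdicts[key] = "parent wrote into its own child: review"
        else:
            verdicts[key] = "suspicious: write into unrelated process"
    return verdicts


# Sample input constructed from the report's process tree (PIDs 5052 -> 4400).
# The explorer.exe process and the write into it are invented here purely to
# show the contrasting verdict; the report records no such event.
SAMPLE_CMD = (r"rundll32.exe C:\Users\Admin\AppData\Local\Temp"
              r"\aff48f6228ae2e29f8e77b58cd0aedc6_JaffaCakes118.dll,#1")
SAMPLE_PROCESSES = [
    Process(5052, None, r"C:\Windows\system32\rundll32.exe", SAMPLE_CMD),
    Process(4400, 5052, r"C:\Windows\SysWOW64\rundll32.exe", SAMPLE_CMD),
    Process(1234, 1000, r"C:\Windows\explorer.exe", "explorer.exe"),  # constructed decoy
]
SAMPLE_WRITES = [MemWrite(5052, 4400)] * 3 + [MemWrite(4400, 1234)]  # last one is the decoy


def demo_verdicts() -> Dict[Tuple[int, int], str]:
    return classify_writes(SAMPLE_PROCESSES, SAMPLE_WRITES)


if __name__ == "__main__":
    for (src, dst), label in demo_verdicts().items():
        print(f"PID {src} -> PID {dst}: {label}")
```

The relaunch check deliberately requires all three conditions (parent/child link, System32 -> SysWOW64 image pair, identical DLL and entry point): a rundll32 that writes into a child with a different command line, or into a process it did not spawn, still surfaces for review.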