Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    16s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    20/08/2024, 18:46

General

  • Target

    b067bb4049b5a0e030051f532d6fefe7_JaffaCakes118.dll

  • Size

    9KB

  • MD5

    b067bb4049b5a0e030051f532d6fefe7

  • SHA1

    c32d2a0a3d1a11717fe59cf28f94bedb0a95b217

  • SHA256

    9e7a920bdc4de3ee91f79a1dc1f0ed50d81c1a4e04d86d70fe5d36609d1eaacb

  • SHA512

    97779f3100f97325bf2755a7ffbd69f693386cd324fabe3c45a64540e4b78f06c920fd72ecffc8c44917d6b9dd713c958cbf38e6cd4aa0cd361e4f43a7212468

  • SSDEEP

    96:b5XitReUoyqYZoN0/Az6vuegOeiPoHQjzQMLy+m9O2SVl57cFHmP0tKgQ:fYWGHWOeyowJL/m9ul576GMFQ

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b067bb4049b5a0e030051f532d6fefe7_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1744
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b067bb4049b5a0e030051f532d6fefe7_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1688

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads