Windows 7 deprecation: Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 134s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23/08/2024, 15:01
Static task: static1
Behavioral task: behavioral1
  Sample: bc3873f9a3513c89f6b523654a022ab7_JaffaCakes118.dll
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: bc3873f9a3513c89f6b523654a022ab7_JaffaCakes118.dll
  Resource: win10v2004-20240802-en
General
Target: bc3873f9a3513c89f6b523654a022ab7_JaffaCakes118.dll
Size: 134KB
MD5: bc3873f9a3513c89f6b523654a022ab7
SHA1: 57c9f720c68da243f1c0e5958e45459d1164cb2d
SHA256: 0d587f4190938be9797808a3e9e020234322b4293b46166c39a0949dba54553c
SHA512: f61bb6174431a62df4ff64ce89378fe5d86a3c845a4fae72b8421ea7a888b08d08252815caccc0950fbfbb102d7cd9dcf0d48458254a60c52ee4bc1f68c496a8
SSDEEP: 3072:QBn8NqeeGoYAQy8T5z3r4UFJGbN4sVmq1z948I4zL9:an8NPeGoYnT5NJGbNpWEv9
Malware Config
(none extracted)

Signatures

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | regsvr32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 540 wrote to memory of 2688 | 540 | regsvr32.exe | 84
  PID 540 wrote to memory of 2688 | 540 | regsvr32.exe | 84
  PID 540 wrote to memory of 2688 | 540 | regsvr32.exe | 84
Processes

1. C:\Windows\system32\regsvr32.exe (PID 540)
   Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\bc3873f9a3513c89f6b523654a022ab7_JaffaCakes118.dll
   Signatures: Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\regsvr32.exe (PID 2688, child of PID 540)
      Command line: /s C:\Users\Admin\AppData\Local\Temp\bc3873f9a3513c89f6b523654a022ab7_JaffaCakes118.dll
      Signatures: System Location Discovery: System Language Discovery