Analysis
max time kernel: 129s
max time network: 123s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/08/2024, 06:03
Static task: static1

Behavioral task: behavioral1
Sample: c855d192db2af80eb111a338758ee10c_JaffaCakes118.dll
Resource: win7-20240705-en

Behavioral task: behavioral2
Sample: c855d192db2af80eb111a338758ee10c_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: c855d192db2af80eb111a338758ee10c_JaffaCakes118.dll
Size: 88KB
MD5: c855d192db2af80eb111a338758ee10c
SHA1: 60f14701fa6a17e0f73c32014abcab5becdd4b2e
SHA256: e904558e380733a8ab2c9a6c707f9ca74a780a544a1e37f75a467da3c0f49049
SHA512: 28a137286cf3b314779d7d1926aa8a2f8abcbd5f47b13b0dbe826fc5f5e07562ba326e270563095517587b7613641b4fef67b24db5a2b3be8e5aeba7fbe71442
SSDEEP: 1536:W1364l7P7Yxi9conNz6pxakQaa4kimfRuOM/5r9DKu:m364l7P7bXNz6naR4NmJHGrDK
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
IoC 1:
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
IoC 1:
  description: PID 1240 wrote to memory of 980
  pid: 1240
  Process: rundll32.exe
  procid_target: 84
IoC 2:
  description: PID 1240 wrote to memory of 980
  pid: 1240
  Process: rundll32.exe
  procid_target: 84
IoC 3:
  description: PID 1240 wrote to memory of 980
  pid: 1240
  Process: rundll32.exe
  procid_target: 84
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c855d192db2af80eb111a338758ee10c_JaffaCakes118.dll,#1
  PID: 1240
  - Suspicious use of WriteProcessMemory
  ⤵ C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c855d192db2af80eb111a338758ee10c_JaffaCakes118.dll,#1
    PID: 980
    - System Location Discovery: System Language Discovery