Analysis
max time kernel: 148s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/09/2024, 03:49
Static task: static1
Behavioral task: behavioral1
Sample: d101b7330a8f450f84c568518ed6e976_JaffaCakes118.dll
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: d101b7330a8f450f84c568518ed6e976_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: d101b7330a8f450f84c568518ed6e976_JaffaCakes118.dll
Size: 60KB
MD5: d101b7330a8f450f84c568518ed6e976
SHA1: 4239d23076da46c3e8ac6892310972142b51a002
SHA256: 33557381ed8dcb32402d14da5596c648e31a0110ce1f1eb8f28f5dd141d148ea
SHA512: 5f1de66fd778192f9e342736b2943c8616ca3cabf017074e246cf63559a9752770bbb992bb5fd5ef299792cf8bf0b22b60a7856d203f46305400253e21a466e5
SSDEEP: 768:SJB6NgJH/xUgg8RIpqFQZV+0MM4B18JC+GSitOPN7M1+oOwd:I6+HZUh8KpqFeV+0aoGSik8
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; Process: rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description: PID 720 wrote to memory of 2024; pid: 720; Process: rundll32.exe; procid_target: 83
description: PID 720 wrote to memory of 2024; pid: 720; Process: rundll32.exe; procid_target: 83
description: PID 720 wrote to memory of 2024; pid: 720; Process: rundll32.exe; procid_target: 83
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d101b7330a8f450f84c568518ed6e976_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 720
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d101b7330a8f450f84c568518ed6e976_JaffaCakes118.dll,#1
    - System Location Discovery: System Language Discovery
    PID: 2024