Analysis
Max time kernel: 94s
Max time network: 101s
Platform: windows10-2004_x64
Resource: win10v2004-20240802-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 11/09/2024, 14:58
Static task: static1
Behavioral task: behavioral1
  Sample: da98ed62fd7a13555b903d3043365c37_JaffaCakes118.dll
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: da98ed62fd7a13555b903d3043365c37_JaffaCakes118.dll
  Resource: win10v2004-20240802-en
General
Target: da98ed62fd7a13555b903d3043365c37_JaffaCakes118.dll
Size: 41KB
MD5: da98ed62fd7a13555b903d3043365c37
SHA1: 45a68088f4c1b2e972442cc2da42a85ba9615449
SHA256: e352531d21f06d83ddc2a1573d88b45e2878bca4b9fcc6cb4f738d0e28cc3b5e
SHA512: d45f63058c29c53c02baf8cc2ac4d9184e1e7d144a9afab6d9f69fb8ca0466395368f1ae68ba1b5f997d452a58a16b54d0a4258b11c1f99b3de8f90714676730
SSDEEP: 768:hABk6tRDMCdTaReHsaKeX/wyCecYVfIpXHJ4UsZ:O1TWeM4PVIZHJ4U4
Malware Config
Signatures

Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  2268  2176        WerFault.exe  83

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description  ioc                                                          Process
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  regsvr32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process       procid_target
  PID 5076 wrote to memory of 2176  5076  regsvr32.exe  83
  PID 5076 wrote to memory of 2176  5076  regsvr32.exe  83
  PID 5076 wrote to memory of 2176  5076  regsvr32.exe  83
Processes

C:\Windows\system32\regsvr32.exe
  Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\da98ed62fd7a13555b903d3043365c37_JaffaCakes118.dll
  PID: 5076
  Signatures: Suspicious use of WriteProcessMemory
  Children:
    C:\Windows\SysWOW64\regsvr32.exe
      Command line: /s C:\Users\Admin\AppData\Local\Temp\da98ed62fd7a13555b903d3043365c37_JaffaCakes118.dll
      PID: 2176
      Signatures: System Location Discovery: System Language Discovery
      Children:
        C:\Windows\SysWOW64\WerFault.exe
          Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 596
          PID: 2268
          Signatures: Program crash

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2176 -ip 2176
  PID: 3596
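The process tree and the signature table above are worth reading together. The sample is a 32-bit DLL (resource tag arch:x86), so the 64-bit regsvr32 in System32 (PID 5076) hands it off to the 32-bit regsvr32 in SysWOW64 (PID 2176); that hand-off is also why the only WriteProcessMemory hits are the parent 5076 writing into the child 2176 it has just created, which is ordinary process start-up rather than injection into an unrelated process. The two WerFault.exe instances both carry -p 2176, tying the crash back to the 32-bit regsvr32. The script below is an added example, not part of the tria.ge report or of Hatching's tooling: it replays the report's process list through three checks (regsvr32 /s loading a DLL from a user-writable path, the System32-to-SysWOW64 regsvr32 hand-off for the same DLL, and WerFault -p correlation). The event records are constructed from the report, the ppid values follow the tree nesting (0 where the report shows no parent), and the field names are an assumed generic schema rather than a Triage API.

```python
"""Triage checks for a regsvr32 process tree like the one in this report.

Added example, not from the tria.ge report. Events are constructed from the
report's process list; ppid/image/cmdline is an assumed generic schema.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int       # 0 = parent not shown in the report (assumption)
    image: str
    cmdline: str


DLL = r"C:\Users\Admin\AppData\Local\Temp\da98ed62fd7a13555b903d3043365c37_JaffaCakes118.dll"

# Constructed from the report's process tree; PPIDs follow the tree nesting.
EVENTS = [
    ProcEvent(5076, 0,    r"C:\Windows\system32\regsvr32.exe", f"regsvr32 /s {DLL}"),
    ProcEvent(2176, 5076, r"C:\Windows\SysWOW64\regsvr32.exe", f"/s {DLL}"),
    ProcEvent(2268, 2176, r"C:\Windows\SysWOW64\WerFault.exe",
              r"C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 596"),
    ProcEvent(3596, 0,    r"C:\Windows\SysWOW64\WerFault.exe",
              r"C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2176 -ip 2176"),
]

DLL_PATH_RE = re.compile(r"(?i)([A-Z]:\\\S+?\.dll)(?=\s|$)")
USER_WRITABLE_RE = re.compile(r"(?i)\\Users\\[^\\]+\\AppData\\|\\Temp\\|\\Downloads\\|\\ProgramData\\")
WERFAULT_TARGET_RE = re.compile(r"(?i)(?:^|\s)-p\s+(\d+)")   # "-p <pid>", not "-pss" or "-ip"


def image_name(ev):
    """Lower-cased file name of the process image."""
    return ev.image.rsplit("\\", 1)[-1].lower()


def regsvr32_silent_load_from_user_dir(ev):
    """Return the DLL path when regsvr32 silently (/s) registers a DLL that
    lives in a user-writable directory; None for anything else."""
    if image_name(ev) != "regsvr32.exe":
        return None
    m = DLL_PATH_RE.search(ev.cmdline)
    if not m or "/s" not in ev.cmdline.lower().split():
        return None
    return m.group(1) if USER_WRITABLE_RE.search(m.group(1)) else None


def wow64_handoffs(events):
    """Pair a System32 (64-bit) regsvr32 with the SysWOW64 (32-bit) regsvr32 it
    spawned for the same DLL: a 64-bit regsvr32 given a 32-bit DLL re-launches
    the 32-bit copy, so one sample yields two regsvr32 processes."""
    by_pid = {e.pid: e for e in events}
    pairs = []
    for child in events:
        parent = by_pid.get(child.ppid)
        if parent is None or image_name(child) != "regsvr32.exe" or image_name(parent) != "regsvr32.exe":
            continue
        if "\\syswow64\\" not in child.image.lower() or "\\system32\\" not in parent.image.lower():
            continue
        d_parent = DLL_PATH_RE.search(parent.cmdline)
        d_child = DLL_PATH_RE.search(child.cmdline)
        if d_parent and d_child and d_parent.group(1).lower() == d_child.group(1).lower():
            pairs.append((parent.pid, child.pid, d_child.group(1)))
    return pairs


def werfault_targets(events):
    """Map each WerFault.exe PID to (PID named by -p, that PID's image or None)."""
    by_pid = {e.pid: e for e in events}
    out = {}
    for e in events:
        if image_name(e) != "werfault.exe":
            continue
        m = WERFAULT_TARGET_RE.search(e.cmdline)
        if m:
            target = int(m.group(1))
            out[e.pid] = (target, by_pid[target].image if target in by_pid else None)
    return out


def triage(events):
    """Run all three checks and return human-readable findings."""
    findings = []
    for e in events:
        dll = regsvr32_silent_load_from_user_dir(e)
        if dll:
            findings.append(f"pid {e.pid}: regsvr32 /s loads DLL from user-writable path {dll}")
    for parent, child, dll in wow64_handoffs(events):
        findings.append(f"pid {parent} -> {child}: 64-bit regsvr32 handed 32-bit DLL to SysWOW64 regsvr32 ({dll})")
    for wer, (target, image) in werfault_targets(events).items():
        findings.append(f"pid {wer}: WerFault reporting on pid {target} ({image})")
    return findings


if __name__ == "__main__":
    for line in triage(EVENTS):
        print(line)
```

Against the constructed events this yields five findings: both regsvr32 instances flagged for the Temp-path DLL, one System32-to-SysWOW64 hand-off, and both WerFault processes resolved to PID 2176. In a real pipeline the same three functions would run over Sysmon event ID 1 or EDR process-creation records, and the hand-off check keeps the WriteProcessMemory signature from being read as cross-process injection when the writer is simply the parent of the target.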