Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    95s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/09/2024, 18:06

General

  • Target

    dcc5643cbf7c3af0eb57e2473eecbb68_JaffaCakes118.dll

  • Size

    812KB

  • MD5

    dcc5643cbf7c3af0eb57e2473eecbb68

  • SHA1

    395b8fdf23d116827541baa559511b60da6d0df8

  • SHA256

    1cf55e4a445df682481dc2f6df39898b3eb22f0cb276663c353011ae633fad2c

  • SHA512

    5188f77482e9855b9ac561e93dc598b06f8b359060a08fcf456e190345d4b127798106812794806e30139a7e48f2385ce33c7b2787dec66d62fe9c1b4d4c090e

  • SSDEEP

    12288:maH5RxR49LfLMI/3GLvJozrM2Fy+6sYDRS54d7:x45fLMI/VTFy+L927

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcc5643cbf7c3af0eb57e2473eecbb68_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1476
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcc5643cbf7c3af0eb57e2473eecbb68_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1112

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads