Analysis
max time kernel: 95s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/09/2024, 18:06
Behavioral task: behavioral1
Sample: dcc5643cbf7c3af0eb57e2473eecbb68_JaffaCakes118.dll
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: dcc5643cbf7c3af0eb57e2473eecbb68_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: dcc5643cbf7c3af0eb57e2473eecbb68_JaffaCakes118.dll
Size: 812KB
MD5: dcc5643cbf7c3af0eb57e2473eecbb68
SHA1: 395b8fdf23d116827541baa559511b60da6d0df8
SHA256: 1cf55e4a445df682481dc2f6df39898b3eb22f0cb276663c353011ae633fad2c
SHA512: 5188f77482e9855b9ac561e93dc598b06f8b359060a08fcf456e190345d4b127798106812794806e30139a7e48f2385ce33c7b2787dec66d62fe9c1b4d4c090e
SSDEEP: 12288:maH5RxR49LfLMI/3GLvJozrM2Fy+6sYDRS54d7:x45fLMI/VTFy+L927
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened | ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Process: rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 1476 wrote to memory of 1112 | 1476 | rundll32.exe | 83
  PID 1476 wrote to memory of 1112 | 1476 | rundll32.exe | 83
  PID 1476 wrote to memory of 1112 | 1476 | rundll32.exe | 83
Processes
- C:\Windows\system32\rundll32.exe (depth 1)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcc5643cbf7c3af0eb57e2473eecbb68_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1476
  - C:\Windows\SysWOW64\rundll32.exe (depth 2, child of PID 1476)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcc5643cbf7c3af0eb57e2473eecbb68_JaffaCakes118.dll,#1
    - System Location Discovery: System Language Discovery
    PID: 1112