Analysis
- max time kernel: 125s
- max time network: 127s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/09/2024, 19:01
Static task: static1
Behavioral task: behavioral1
- Sample: deb674c970fe55a731435352a90a0f79_JaffaCakes118.dll
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: deb674c970fe55a731435352a90a0f79_JaffaCakes118.dll
- Resource: win10v2004-20240802-en
General
- Target: deb674c970fe55a731435352a90a0f79_JaffaCakes118.dll
- Size: 97KB
- MD5: deb674c970fe55a731435352a90a0f79
- SHA1: faf302f776735974bee050b2b64421df7f533f6a
- SHA256: 6fa66bfda7a4dcd44a61f2ae08747ad326941255368a77c04e6d7fe1fdcb36a0
- SHA512: e52fe691336b0a18e2241e23dfbf9e0e758c272ca1ed7a0aa2380d5ccd187966ecf26bf0162746ed8ced30272d4fbcba1563f9c0bfa96dab72e290bbcfe5a5f9
- SSDEEP: 1536:+MqzW7JoS7qxgY96riqT2KazWkokkkkkkotV74wooR70Cln:+5OK1bzWkokkkkkkcVUwooR7
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description   ioc                                                        Process
  Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   regsvr32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                          pid    Process        procid_target
  PID 2888 wrote to memory of 4928     2888   regsvr32.exe   90
  PID 2888 wrote to memory of 4928     2888   regsvr32.exe   90
  PID 2888 wrote to memory of 4928     2888   regsvr32.exe   90
Processes
- C:\Windows\system32\regsvr32.exe
  Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\deb674c970fe55a731435352a90a0f79_JaffaCakes118.dll
  PID: 2888
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\regsvr32.exe
    Command line: /s C:\Users\Admin\AppData\Local\Temp\deb674c970fe55a731435352a90a0f79_JaffaCakes118.dll
    PID: 4928
    Signatures: System Location Discovery: System Language Discovery
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4308,i,15436195446242760253,4000484513008731869,262144 --variations-seed-version --mojo-platform-channel-handle=4212 /prefetch:8
  PID: 2320