Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
96s -
max time network
97s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
18/09/2024, 21:57
Static task
static1
Behavioral task
behavioral1
Sample
ea0a8eae95c357fbbf1cff0e933f56a4_JaffaCakes118.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ea0a8eae95c357fbbf1cff0e933f56a4_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
-
Target
ea0a8eae95c357fbbf1cff0e933f56a4_JaffaCakes118.dll
-
Size
98KB
-
MD5
ea0a8eae95c357fbbf1cff0e933f56a4
-
SHA1
836af0e5b25754a710a79683af13d286a85d875a
-
SHA256
4ab221399c6a34029ce84787176b83b48f3510df115147744b09f865893fcf29
-
SHA512
d59bba2997662aceb64402f21716d1e280917b5c663e6535e80010446afbc00c04c786b8fe214e507e2cd0c383909f379744986b7065aab94819e987d67d4ba2
-
SSDEEP
3072:i9RVfqnAbcEty9oQOWvocb/4QK1jU6ovqG:iNbA9vPMQK1mSG
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3772 wrote to memory of 1580 3772 rundll32.exe 82 PID 3772 wrote to memory of 1580 3772 rundll32.exe 82 PID 3772 wrote to memory of 1580 3772 rundll32.exe 82
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ea0a8eae95c357fbbf1cff0e933f56a4_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:3772 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ea0a8eae95c357fbbf1cff0e933f56a4_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
PID:1580
-