Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

ea0a8eae95...18.dll

windows7-x64

3

ea0a8eae95...18.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    96s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/09/2024, 21:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ea0a8eae95c357fbbf1cff0e933f56a4_JaffaCakes118.dll

  • Size

    98KB

  • MD5

    ea0a8eae95c357fbbf1cff0e933f56a4

  • SHA1

    836af0e5b25754a710a79683af13d286a85d875a

  • SHA256

    4ab221399c6a34029ce84787176b83b48f3510df115147744b09f865893fcf29

  • SHA512

    d59bba2997662aceb64402f21716d1e280917b5c663e6535e80010446afbc00c04c786b8fe214e507e2cd0c383909f379744986b7065aab94819e987d67d4ba2

  • SSDEEP

    3072:i9RVfqnAbcEty9oQOWvocb/4QK1jU6ovqG:iNbA9vPMQK1mSG

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ea0a8eae95c357fbbf1cff0e933f56a4_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3772
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ea0a8eae95c357fbbf1cff0e933f56a4_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1580

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1580-0-0x0000000000400000-0x000000000044D000-memory.dmp

    Filesize

    308KB

    Download