Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    29/09/2024, 15:21

General

  • Target

    fecdf99d951dd680975de765f058ceeb_JaffaCakes118.dll

  • Size

    59KB

  • MD5

    fecdf99d951dd680975de765f058ceeb

  • SHA1

    3e99cdd7f24930b8574c547ad263c30e9ae05e12

  • SHA256

    b90f2d065bfdbbebcebbbdce5b47fbc85146eda3f5a856da6b7a72f209e455fa

  • SHA512

    b5c3b6b8d6524a8d11001dfeb7501cd76b909370de459abd964a807735769884689281665fe6d6ae5f04e04117a7e14322f942b225e7a8604124ce44733c3df0

  • SSDEEP

    1536:Z6yEOWXF+PiE/v2OD6IsVZ8OgMaGeyY5bqY4wVjuX8:Qc3PDeHIi5gJyomY4+aX8

Score
5/10

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fecdf99d951dd680975de765f058ceeb_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2712
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\fecdf99d951dd680975de765f058ceeb_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2788

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2788-0-0x0000000010000000-0x000000001000E000-memory.dmp

    Filesize

    56KB