Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 16s
max time network: 16s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted: 04/10/2024, 10:43
Static task: static1
Behavioral task: behavioral1
  Sample: 1302a43d9a6fcab20d9b3fa0fe21789e_JaffaCakes118.dll
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: 1302a43d9a6fcab20d9b3fa0fe21789e_JaffaCakes118.dll
  Resource: win10v2004-20240802-en
General
Target: 1302a43d9a6fcab20d9b3fa0fe21789e_JaffaCakes118.dll
Size: 30KB
MD5: 1302a43d9a6fcab20d9b3fa0fe21789e
SHA1: f698f559d0354bdec09d1104411fd7b4eda83519
SHA256: 8921b3a0ecc9d350b672a66b3b61cdc5ffe3804b5214f514c40c42c626f20c53
SHA512: 2e38e92cfc2c505ec8b5aa7b404561394a4c3de774d0c96131ba80d19605e8ac13500451521f05a79201b489e35486e0f29889e82bfa86a186eeccc586c9c536
SSDEEP: 384:ILJs5yqusFWtRCcH4DcjZGsXVVbRKdPg0uQEuwb5rKgKMKJCmkLv3jPH/OfGlSTL:I4uss8efsub83LJC33jOfOSPPK
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 2300 wrote to memory of 2328 | 2300 | rundll32.exe | 30
  PID 2300 wrote to memory of 2328 | 2300 | rundll32.exe | 30
  PID 2300 wrote to memory of 2328 | 2300 | rundll32.exe | 30
  PID 2300 wrote to memory of 2328 | 2300 | rundll32.exe | 30
  PID 2300 wrote to memory of 2328 | 2300 | rundll32.exe | 30
  PID 2300 wrote to memory of 2328 | 2300 | rundll32.exe | 30
  PID 2300 wrote to memory of 2328 | 2300 | rundll32.exe | 30
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1302a43d9a6fcab20d9b3fa0fe21789e_JaffaCakes118.dll,#1
   PID: 2300
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1302a43d9a6fcab20d9b3fa0fe21789e_JaffaCakes118.dll,#1
      PID: 2328
      Signatures: System Location Discovery: System Language Discovery