Analysis
max time kernel: 94s
max time network: 142s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/10/2024, 18:27
Behavioral task behavioral1
  Sample: 14780e98a34e9c024d0f457ca1338dca_JaffaCakes118.dll
  Resource: win7-20240708-en
Behavioral task behavioral2
  Sample: 14780e98a34e9c024d0f457ca1338dca_JaffaCakes118.dll
  Resource: win10v2004-20240802-en
General
Target: 14780e98a34e9c024d0f457ca1338dca_JaffaCakes118.dll
Size: 78KB
MD5: 14780e98a34e9c024d0f457ca1338dca
SHA1: 8cea308858415d78d0ca390de845f482792d6e79
SHA256: aa24a4ebb18645d97d6b5d18983072ae5ebd6b4226526b9365f6c73532742241
SHA512: 9258ca35970ee5eec206994f839f703b7e6d1496a9c2e889d3285e338f15bbfbb64f114b1491d71b111e0bea8a03c016510978e2121fc3dc628dd0368abec34e
SSDEEP: 1536:yInSkuvfZ/AuwUEFPlua1dZEfsq2CkfL1c6V:yZxvfGN7d+wdL
Malware Config
Signatures
- System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: rundll32.exe
- Suspicious use of WriteProcessMemory 3 IoCs
  description                        pid   Process       procid_target
  PID 5032 wrote to memory of 4856   5032  rundll32.exe  82
  PID 5032 wrote to memory of 4856   5032  rundll32.exe  82
  PID 5032 wrote to memory of 4856   5032  rundll32.exe  82
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\14780e98a34e9c024d0f457ca1338dca_JaffaCakes118.dll,#1
  PID: 5032
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (child of PID 5032)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\14780e98a34e9c024d0f457ca1338dca_JaffaCakes118.dll,#1
    PID: 4856
    Signatures: System Location Discovery: System Language Discovery