Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

173597bba1...18.dll

windows7-x64

3

173597bba1...18.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    109s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/10/2024, 09:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    173597bba1e6f268a27d8564f0c7191f_JaffaCakes118.dll

  • Size

    92KB

  • MD5

    173597bba1e6f268a27d8564f0c7191f

  • SHA1

    8fa8a393353a8513c37deaa4bd4ff8ed920f2dba

  • SHA256

    248a129bb223a73ffe22b96d94cff8b47e90847e43550a4f516aa008fe938086

  • SHA512

    a6777ad39429ef54225987ed7d7737e930d7b1966fc82791958ddbce1155537bdcc07f80b97c5b08cbac3274d0d3d3ca5c3a55981740b8e2b97b2a7e45fe42b7

  • SSDEEP

    1536:4tBPkuSu6dBbnIRzMm7fPaGF0ybPoScz/bevnE5CdP2d+Dms:yB8zDjnItMmbPaCxcTzevnE58Ys

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\173597bba1e6f268a27d8564f0c7191f_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4892
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\173597bba1e6f268a27d8564f0c7191f_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3052

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads