Analysis
- max time kernel: 93s
- max time network: 94s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/10/2024, 08:18
Static task: static1
Behavioral task: behavioral1
- Sample: 2dc959ae01302ed034f8b2000a6429e3_JaffaCakes118.dll
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 2dc959ae01302ed034f8b2000a6429e3_JaffaCakes118.dll
- Resource: win10v2004-20241007-en
General
- Target: 2dc959ae01302ed034f8b2000a6429e3_JaffaCakes118.dll
- Size: 61KB
- MD5: 2dc959ae01302ed034f8b2000a6429e3
- SHA1: 56da7a2dd1b41ce22cb8c4eb9814edba168e6486
- SHA256: 7ac7d44eb851a089d1714c4ad67e2da5f6a8307c55bdb6b1f099716b1a1165e4
- SHA512: bcc3fdf7a80c07545c6f2a77dfbc0af309def007b1c280ce88bc6f9a1add80ddb63367852ce6372ff85f0e209080994efa808f2ebed1fd0dcdf313c4b4ee881b
- SSDEEP: 1536:Bbtu2nTL+4XtcFhDpeFiZ6uxWjJ6ka6zoLL1+XVltO:Bbtu2TL+KtcFh6IWjk6zoLL18VlM
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 3336 wrote to memory of 732 | 3336 | rundll32.exe | 83
  PID 3336 wrote to memory of 732 | 3336 | rundll32.exe | 83
  PID 3336 wrote to memory of 732 | 3336 | rundll32.exe | 83
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2dc959ae01302ed034f8b2000a6429e3_JaffaCakes118.dll,#1
  PID: 3336
  - Suspicious use of WriteProcessMemory
  - Child: C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2dc959ae01302ed034f8b2000a6429e3_JaffaCakes118.dll,#1
    PID: 732
    - System Location Discovery: System Language Discovery