Analysis
max time kernel: 94s
max time network: 95s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/10/2024, 16:54
Static task: static1
Behavioral task: behavioral1
  Sample: 3b1990d3a18fce1cbff2e1879cfe7e3a_JaffaCakes118.dll
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 3b1990d3a18fce1cbff2e1879cfe7e3a_JaffaCakes118.dll
  Resource: win10v2004-20241007-en
General
Target: 3b1990d3a18fce1cbff2e1879cfe7e3a_JaffaCakes118.dll
Size: 18KB
MD5: 3b1990d3a18fce1cbff2e1879cfe7e3a
SHA1: 614ff064f1c3967b3f42706e31160a95c91267a5
SHA256: e38814a8acb8dc6fc6d572e60d8a4d3c1321e03c1e90ff5c27737e4b7f884523
SHA512: 5e3cdaeabd2c78e47cece93bbf717d50973ae7897191d11a1147b0aef34fd68098798f677f5e0dbdbe5e8b0e9b796f8fe207e48061297a01e955943853cec990
SSDEEP: 384:vRdCyfMqlW2mQmjNyTo63Eo78HHP5AzTO:XCyUqlvmQAIb37Im
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 4624 wrote to memory of 1792; pid: 4624; Process: rundll32.exe; procid_target: 83
  description: PID 4624 wrote to memory of 1792; pid: 4624; Process: rundll32.exe; procid_target: 83
  description: PID 4624 wrote to memory of 1792; pid: 4624; Process: rundll32.exe; procid_target: 83
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b1990d3a18fce1cbff2e1879cfe7e3a_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 4624
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b1990d3a18fce1cbff2e1879cfe7e3a_JaffaCakes118.dll,#1
    - System Location Discovery: System Language Discovery
    PID: 1792