Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
95s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
13/10/2024, 20:55
General
-
Target
4205bd0a38cc2dd54df6ecf057d1e317_JaffaCakes118.dll
-
Size
636KB
-
MD5
4205bd0a38cc2dd54df6ecf057d1e317
-
SHA1
a1fedb6250053142c57fe7b3bb35b61debf4977e
-
SHA256
0ed3bf4d977f654c38ee55303ddf431427fbd55a36ce3d5efb8a8608ddca7f9c
-
SHA512
440dbf5f9b4ccbe6e2c8669e0a0ee5a34f5461307ceca77788c23c37df2e7bc061a69792271c624d484fdf31bbb69520d585e65e5aba94272a68e50ab100ce8c
-
SSDEEP
12288:0c2PkJ5n4AZQ4VfJsSkXd0aL1PN7Bdx+nY+XDlWpVQ05N7voMLMgw2So2pNu1:0JyyaPaJj2/XDop2SN71LpCNu1
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4205bd0a38cc2dd54df6ecf057d1e317_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4205bd0a38cc2dd54df6ecf057d1e317_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
-