Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
  max time kernel: 121s
  max time network: 122s
  platform: windows7_x64
  resource: win7-20240903-en
  resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  submitted: 21/01/2025, 17:20
Static task
  static1: 1 signatures
Behavioral task
  behavioral1
  Sample: JaffaCakes118_06400ae47fed1374f83aec7625342932.dll
  Resource: win7-20240903-en
  2 signatures, 150 seconds
General
  Target: JaffaCakes118_06400ae47fed1374f83aec7625342932.dll
  Size: 314KB
  MD5: 06400ae47fed1374f83aec7625342932
  SHA1: 2e9dd83df81b9c785b6bfaace192565f06912f65
  SHA256: 8fe7d762a1af83eab4b192468450b56c6b3841eeb2152e0c8aeac5b844679c53
  SHA512: 732425734bcdf5f0e350adeb1fe5e9e2f510a50e8dd91ea36a0bc1a4179c8b5a674551ff9662f6dd8a18564625df55880b66505bf39080344a934e2f1ac2316b
  SSDEEP: 6144:FMJOWK4l0wqOVq1Kwfxibt8T2t9Mv/mWGLRsV2:F2OWK4llHwfYyTGMv/m1GV2
  Score: 3/10
Malware Config
Signatures
  System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

    description    ioc                                                           Process
    Key opened     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   rundll32.exe

  Suspicious use of WriteProcessMemory (7 IoCs)

    description                          pid    Process        procid_target
    PID 1228 wrote to memory of 2080     1228   rundll32.exe   30
    PID 1228 wrote to memory of 2080     1228   rundll32.exe   30
    PID 1228 wrote to memory of 2080     1228   rundll32.exe   30
    PID 1228 wrote to memory of 2080     1228   rundll32.exe   30
    PID 1228 wrote to memory of 2080     1228   rundll32.exe   30
    PID 1228 wrote to memory of 2080     1228   rundll32.exe   30
    PID 1228 wrote to memory of 2080     1228   rundll32.exe   30
Processes
  C:\Windows\system32\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_06400ae47fed1374f83aec7625342932.dll,#1
    PID: 1228
    signatures: Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_06400ae47fed1374f83aec7625342932.dll,#1
      PID: 2080
      signatures: System Location Discovery: System Language Discovery