Analysis
  max time kernel: 119s
  max time network: 120s
  platform: windows7_x64
  resource: win7-20241010-en
  resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  submitted: 26/01/2025, 20:13
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_38d3ef59908649a92b60d4af7e57f14d.dll
Resource
win7-20241010-en
General
  Target: JaffaCakes118_38d3ef59908649a92b60d4af7e57f14d.dll
  Size: 354KB
  MD5: 38d3ef59908649a92b60d4af7e57f14d
  SHA1: bc2c31ad2f71ba29bc00860c731b9bbafdaecc66
  SHA256: 24cdf72cffd9e2741cb98a0b0c2999ebd43213bb745bff99b09aef31522503c0
  SHA512: c55ce681d8d2a09493085314c3b269746b6514b59b06a34a58219c4f46d49aa9d7cd67911b59acdc52e32ccaf13e0798b68ddb9194bb54b65b6d56903ec10416
  SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0A:jDgtfRQUHPw06MoV2nwTBlhm84
Malware Config
Signatures
  Yunsip family

  System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
    description | ioc | Process
    Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe

  Suspicious use of WriteProcessMemory (7 IoCs)
    description | pid | Process | procid_target
    PID 2120 wrote to memory of 2344 | 2120 | rundll32.exe | 31
    PID 2120 wrote to memory of 2344 | 2120 | rundll32.exe | 31
    PID 2120 wrote to memory of 2344 | 2120 | rundll32.exe | 31
    PID 2120 wrote to memory of 2344 | 2120 | rundll32.exe | 31
    PID 2120 wrote to memory of 2344 | 2120 | rundll32.exe | 31
    PID 2120 wrote to memory of 2344 | 2120 | rundll32.exe | 31
    PID 2120 wrote to memory of 2344 | 2120 | rundll32.exe | 31
Processes
  1. C:\Windows\system32\rundll32.exe
     Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_38d3ef59908649a92b60d4af7e57f14d.dll,#1
     Signatures: Suspicious use of WriteProcessMemory
     PID: 2120
     2. C:\Windows\SysWOW64\rundll32.exe
        Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_38d3ef59908649a92b60d4af7e57f14d.dll,#1
        Signatures: System Location Discovery: System Language Discovery
        PID: 2344