Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    14s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/01/2025, 12:48

General

  • Target

    JaffaCakes118_3fb2e10216207aad054db043f8cdd6d2.dll

  • Size

    122KB

  • MD5

    3fb2e10216207aad054db043f8cdd6d2

  • SHA1

    0a704d3f4104d32161f68bcc607e7201d898e9ed

  • SHA256

    44211df5a868c8f62026add71f37de7c23f2896643df105fb261b9cd8942958f

  • SHA512

    07dcbc7e5ad29e82d9963cc57c1dd66e03c1b04b02067faa2efed393e519dda235ed5bde9f6950999806608fd972e6fc9845ff6ad0e2b2b26313ff0be6b39d59

  • SSDEEP

    3072:of9xHwm1PXBmXZFeA28pMGEdePl9dehiv80P80Cnp8d6d:wdwaWB28adeP/deUv80P80Ap8e

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup (2 TTPs, 3 IoCs)

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory (7 IoCs)

    The WriteProcessMemory hits are attributed to the 64-bit rundll32.exe parent (PID 1996), whose only visible child is the SysWOW64 rundll32.exe it starts with the same command line. That hand-off is what 64-bit rundll32.exe does when asked to load a 32-bit DLL (the resource tags list arch:x86), and process creation itself writes into the new child's memory, so on this report the signature is consistent with a WoW64 re-launch rather than with injection into an unrelated process. The persistence and language-discovery behaviour is attributed to the 32-bit child (PID 1856).
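The Active Setup signature above is the one worth following up on a host, because the mechanism fires once per user at the next interactive logon and is easy to overlook in Run-key-centric autorun sweeps. The following is an added PowerShell hunting script, not part of the Triage report or of the sample's own code: it walks every component under HKLM\...\Active Setup\Installed Components (both the native and the Wow6432Node view), applies the same "will this run for the current user" decision Windows makes (missing HKCU copy, or a higher HKLM Version), and flags StubPath values that point at user-writable locations or use a script/DLL host such as rundll32.exe as the launcher. The suspicion heuristics (`$UserWritable`, `$LolbinHost`) and the function names are the author's own choices for this example.

```powershell
# Added example, not part of the Triage report: enumerate Active Setup components on a
# live Windows host and flag the ones that will execute at the next interactive logon.
# Active Setup logic (per logon, per component under HKLM ...\Installed Components\{id}):
#   - skip if IsInstalled is present and 0, or if there is no StubPath
#   - run StubPath if the HKCU copy of the key is missing, or if the HKLM Version is
#     higher than the HKCU Version (a field-by-field compare of "a,b,c,d" strings)
#   - then copy Version into HKCU so it does not run again for that user
# Reading these keys needs no administrative rights.

$HklmRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components'  # 32-bit view on x64
)
$HkcuRoot = 'HKCU:\SOFTWARE\Microsoft\Active Setup\Installed Components'

# Heuristics chosen for this example: a StubPath in a user-writable location, or a
# script/DLL host used as the launcher (as rundll32.exe is in this report).
$UserWritable = '(?i)\\Users\\|\\ProgramData\\|\\Temp\\|%APPDATA%|%LOCALAPPDATA%|%TEMP%|%USERPROFILE%'
$LolbinHost   = '(?i)\b(rundll32|regsvr32|mshta|wscript|cscript|powershell|pwsh|cmd|msiexec)(\.exe)?\b'

function Compare-ActiveSetupVersion([string]$Machine, [string]$User) {
    # Returns 1 if $Machine is newer than $User, 0 if equal, -1 if older.
    # Non-numeric fields are treated as 0, which is lenient but never throws.
    $m = $Machine -split ','; $u = $User -split ','
    for ($i = 0; $i -lt [Math]::Max($m.Count, $u.Count); $i++) {
        $mv = 0; $uv = 0
        if ($i -lt $m.Count) { [void][int]::TryParse($m[$i], [ref]$mv) }
        if ($i -lt $u.Count) { [void][int]::TryParse($u[$i], [ref]$uv) }
        if ($mv -ne $uv) { return [Math]::Sign($mv - $uv) }
    }
    return 0
}

function Get-ActiveSetupPersistence {
    foreach ($root in $HklmRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $id        = $key.PSChildName
            $stub      = [string]$key.GetValue('StubPath')
            $installed = $key.GetValue('IsInstalled')
            if ([string]::IsNullOrWhiteSpace($stub)) { continue }                 # nothing to run
            if ($null -ne $installed -and [int]$installed -eq 0) { continue }    # component disabled

            $machineVer    = [string]$key.GetValue('Version')
            $userKey       = Join-Path $HkcuRoot $id
            $userKeyExists = Test-Path -LiteralPath $userKey
            $userVer       = if ($userKeyExists) { [string](Get-Item -LiteralPath $userKey).GetValue('Version') } else { '' }

            $willRun = $false
            if (-not $userKeyExists)    { $willRun = $true }     # never recorded for this user
            elseif ($machineVer -eq '') { $willRun = $false }    # no machine Version: already ran once
            elseif ($userVer -eq '')    { $willRun = $true }
            else { $willRun = (Compare-ActiveSetupVersion $machineVer $userVer) -gt 0 }

            [pscustomobject]@{
                Id             = $id
                Hive           = if ($root -like '*Wow6432Node*') { '32-bit' } else { '64-bit' }
                Component      = $key.GetValue('')               # default value, usually a display name
                StubPath       = $stub
                MachineVersion = $machineVer
                UserVersion    = $userVer
                WillRun        = $willRun
                Suspicious     = ($stub -match $UserWritable) -or ($stub -match $LolbinHost)
            }
        }
    }
}

# Show what matters: entries that fire at next logon or whose launcher looks out of place.
Get-ActiveSetupPersistence |
    Where-Object { $_.WillRun -or $_.Suspicious } |
    Sort-Object Suspicious -Descending |
    Format-Table Id, Hive, WillRun, Suspicious, StubPath -AutoSize
```

The launcher heuristic is deliberately noisy: several of Microsoft's own Active Setup components use regsvr32.exe or rundll32.exe with a DLL under the Windows directory, so the useful signal is a StubPath that both uses such a host and points outside %SystemRoot%, or any entry absent from a known-good build of the same OS. Note also that the per-user HKCU copy only records that the stub already ran; the HKLM key is the persistence, and deleting the HKCU copy re-arms it for the next logon.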

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3fb2e10216207aad054db043f8cdd6d2.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:1996
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3fb2e10216207aad054db043f8cdd6d2.dll,#1
      • Boot or Logon Autostart Execution: Active Setup
      • System Location Discovery: System Language Discovery
      PID:1856

Network

MITRE ATT&CK Enterprise v15
