Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

JaffaCakes...4e.dll

windows7-x64

3

JaffaCakes...4e.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    125s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/02/2025, 05:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_31ef90199c1c44c946a56eb8832a0b4e.dll

  • Size

    111KB

  • MD5

    31ef90199c1c44c946a56eb8832a0b4e

  • SHA1

    3b64a2f9c78597bd6edc61695b173fcb92c6a270

  • SHA256

    0bde44e656ed5f4cc12c4f2130e77da7a2e6edb757dd5023898cb79a2d02ac13

  • SHA512

    5f3bc54877f04dba006c3ab71ade068cdaa3b4ee3df4a86da19a4c4120404c395cbaf4376aa2f7ddefdcc0b4447bb52556dbeece06a8e9fe6456b2930fb65111

  • SSDEEP

    1536:R5UfVZv6h9jo2rql+ERXuSclSFfL3eoxta2OMdj3KdQU:R5UP6hKRXuS6S9L3e2ta2OMdj3KF

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_31ef90199c1c44c946a56eb8832a0b4e.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3520
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_31ef90199c1c44c946a56eb8832a0b4e.dll
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3452

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads