Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 125s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20250217-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250217-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/02/2025, 05:34
Behavioral tasks
behavioral1
  Sample: JaffaCakes118_31ef90199c1c44c946a56eb8832a0b4e.dll
  Resource: win7-20240903-en
behavioral2
  Sample: JaffaCakes118_31ef90199c1c44c946a56eb8832a0b4e.dll
  Resource: win10v2004-20250217-en
General
Target: JaffaCakes118_31ef90199c1c44c946a56eb8832a0b4e.dll
Size: 111KB
MD5: 31ef90199c1c44c946a56eb8832a0b4e
SHA1: 3b64a2f9c78597bd6edc61695b173fcb92c6a270
SHA256: 0bde44e656ed5f4cc12c4f2130e77da7a2e6edb757dd5023898cb79a2d02ac13
SHA512: 5f3bc54877f04dba006c3ab71ade068cdaa3b4ee3df4a86da19a4c4120404c395cbaf4376aa2f7ddefdcc0b4447bb52556dbeece06a8e9fe6456b2930fb65111
SSDEEP: 1536:R5UfVZv6h9jo2rql+ERXuSclSFfL3eoxta2OMdj3KdQU:R5UP6hKRXuS6S9L3e2ta2OMdj3KF
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of the victim host in order to infer its geographical location.
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | regsvr32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | process | procid_target
PID 3520 wrote to memory of 3452 | 3520 | regsvr32.exe | 87
(this row is reported three times: three WriteProcessMemory calls with the same source PID, target PID and target procid)
Processes
C:\Windows\system32\regsvr32.exe (PID 3520)
  command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_31ef90199c1c44c946a56eb8832a0b4e.dll
  signatures: Suspicious use of WriteProcessMemory
  └ C:\Windows\SysWOW64\regsvr32.exe (PID 3452)
      command line: /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_31ef90199c1c44c946a56eb8832a0b4e.dll
      signatures: System Location Discovery: System Language Discovery
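The two signatures and the process tree above can be turned into host-side detection logic. The following is an added example, not part of the tria.ge report and not tria.ge's own signature code: it runs over a constructed, Sysmon-style event list modelled on the PIDs, images, command line and registry key shown in this report (the event dictionaries, their field names and the benign control row are assumptions made for the example, not sandbox output), and flags the chain of 64-bit regsvr32 relaunching its SysWOW64 copy to silently register a DLL from the user's Temp folder, the NLS\Language key read by that child, and the parent-to-child memory write.

```python
"""Detection logic for the regsvr32 behaviour seen in the report above.

Runs offline over constructed events; field names are an assumption, not a
fixed Sysmon schema.
"""
import re

# Constructed sample events (not sandbox output), modelled on the process tree
# and IoCs in the report. The last record is a benign control: regsvr32
# registering a DLL from Program Files, which must not match.
EVENTS = [
    {"type": "process_create", "pid": 3520, "ppid": 1234,
     "image": r"C:\Windows\system32\regsvr32.exe",
     "cmdline": r"regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_31ef90199c1c44c946a56eb8832a0b4e.dll"},
    {"type": "process_create", "pid": 3452, "ppid": 3520,
     "image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "cmdline": r"/s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_31ef90199c1c44c946a56eb8832a0b4e.dll"},
    {"type": "process_access", "source_pid": 3520, "target_pid": 3452,
     "granted_access": "PROCESS_VM_WRITE|PROCESS_VM_OPERATION"},
    {"type": "registry_open", "pid": 3452,
     "key": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"},
    {"type": "process_create", "pid": 4000, "ppid": 900,
     "image": r"C:\Windows\system32\regsvr32.exe",
     "cmdline": r"regsvr32 /s C:\Program Files\Vendor\plugin.dll"},
]

TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
NLS_LANGUAGE_RE = re.compile(r"\\Control\\NLS\\Language$", re.IGNORECASE)


def regsvr32_temp_chain(events):
    """Return (parent_pid, child_pid) pairs where system32\\regsvr32.exe spawned
    SysWOW64\\regsvr32.exe with /s (silent) on a DLL under the user's Temp folder."""
    procs = {e["pid"]: e for e in events if e["type"] == "process_create"}
    hits = []
    for child in procs.values():
        parent = procs.get(child["ppid"])
        if parent is None:
            continue
        child_img = child["image"].lower()
        parent_img = parent["image"].lower()
        silent = "/s" in child["cmdline"].lower().split()
        if (child_img.endswith(r"\syswow64\regsvr32.exe")
                and parent_img.endswith(r"\system32\regsvr32.exe")
                and silent and TEMP_DIR_RE.search(child["cmdline"])):
            hits.append((parent["pid"], child["pid"]))
    return hits


def language_discovery_pids(events, pids):
    """PIDs among `pids` that opened the NLS\\Language key (System Language Discovery)."""
    return sorted({e["pid"] for e in events
                   if e["type"] == "registry_open" and e["pid"] in pids
                   and NLS_LANGUAGE_RE.search(e["key"])})


def parent_wrote_child_memory(events, pairs):
    """Subset of (parent, child) pairs where the parent was granted write access to the child."""
    return [(src, dst) for src, dst in pairs
            if any(e["type"] == "process_access" and e["source_pid"] == src
                   and e["target_pid"] == dst and "PROCESS_VM_WRITE" in e["granted_access"]
                   for e in events)]


def triage(events):
    """Combine the three checks into one verdict dictionary."""
    pairs = regsvr32_temp_chain(events)
    involved = {p for pair in pairs for p in pair}
    return {
        "regsvr32_temp_dll": pairs,
        "language_discovery_pids": language_discovery_pids(events, involved),
        "parent_wrote_child": parent_wrote_child_memory(events, pairs),
    }


if __name__ == "__main__":
    for name, value in triage(EVENTS).items():
        print(f"{name}: {value}")
```

Two caveats when reading the result. The system32 to SysWOW64 regsvr32 hop is what 64-bit regsvr32 does on its own whenever it is handed a 32-bit DLL (consistent with the arch:x86 tag above), so the parent/child relationship is not itself suspicious; the DLL location under Temp and the silent /s flag are what carry the signal. Likewise, a parent writing into a child it has just created is normal process start-up, which is why the memory-write check is only reported alongside the Temp-DLL chain rather than as a finding in its own right.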