Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
  max time kernel: 24s
  max time network: 122s
  platform: windows7_x64
  resource: win7-20240903-en
  resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  submitted: 28/02/2025, 06:36
Behavioral tasks
  behavioral1
    Sample: JaffaCakes118_3235eb6ad2572f14364ddf655b21bc30.dll
    Resource: win7-20240903-en
  behavioral2
    Sample: JaffaCakes118_3235eb6ad2572f14364ddf655b21bc30.dll
    Resource: win10v2004-20250217-en
General
  Target: JaffaCakes118_3235eb6ad2572f14364ddf655b21bc30.dll
  Size: 264KB
  MD5: 3235eb6ad2572f14364ddf655b21bc30
  SHA1: 5d177f35f9447a2abcfb520497536e94567ee93f
  SHA256: 8f6730273586a149766ac9c284b5b4565ebd0d58b994c0014f38f19d0d78009f
  SHA512: 755febec6a3a06d51e5864cbf5066640e8273bd52b3c4e26764130034625d4d6e5144db928475aa314ce9cadc1c88b94210481a28054b7e41466053800d3210e
  SSDEEP: 6144:YIVlC9CzFWjAzhGr2YPIVlC9CzFWjAzhGr2Y5:zVQ9IW0wiVQ9IW0wn
Malware Config
Signatures
  System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
    description: Key opened
    ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
    Process: rundll32.exe
  Suspicious use of WriteProcessMemory (7 IoCs)
    description                       pid   Process       procid_target
    PID 2132 wrote to memory of 2196  2132  rundll32.exe  30
    (the same entry is recorded 7 times)
Processes
  1. C:\Windows\system32\rundll32.exe
     Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3235eb6ad2572f14364ddf655b21bc30.dll,#1
     PID: 2132
     Signatures: Suspicious use of WriteProcessMemory
     2. C:\Windows\SysWOW64\rundll32.exe
        Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3235eb6ad2572f14364ddf655b21bc30.dll,#1
        PID: 2196
        Signatures: System Location Discovery: System Language Discovery