Analysis

  • max time kernel
    131s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/03/2024, 13:37

General

  • Target

    06e931b42b33ab3a95c666b5fc2ae6fa_JaffaCakes118.exe

  • Size

    16KB

  • MD5

    06e931b42b33ab3a95c666b5fc2ae6fa

  • SHA1

    97d8d1909fe36851133a65228c14b58b922b8367

  • SHA256

    fed5291c2443e49e70d89de0f944621a4dead8e16e023947a0f3923598aac816

  • SHA512

    98bac124308982722c3f848db8bd2f56f739d73449a035f06f059f67a099afe2ce164208d63906fd557a6f62f9311166ac21b0dcda1e4b3d2dc5d7f46528443d

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4Yhv5Z7+K:hDXWipuE+K3/SSHgxl50K

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\06e931b42b33ab3a95c666b5fc2ae6fa_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\06e931b42b33ab3a95c666b5fc2ae6fa_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:756
    • C:\Users\Admin\AppData\Local\Temp\DEMC9E.exe
      "C:\Users\Admin\AppData\Local\Temp\DEMC9E.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:3040
      • C:\Users\Admin\AppData\Local\Temp\DEM623C.exe
        "C:\Users\Admin\AppData\Local\Temp\DEM623C.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2892
        • C:\Users\Admin\AppData\Local\Temp\DEMB73E.exe
          "C:\Users\Admin\AppData\Local\Temp\DEMB73E.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:3004
          • C:\Users\Admin\AppData\Local\Temp\DEMCDC.exe
            "C:\Users\Admin\AppData\Local\Temp\DEMCDC.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of WriteProcessMemory
            PID:1588
            • C:\Users\Admin\AppData\Local\Temp\DEM6317.exe
              "C:\Users\Admin\AppData\Local\Temp\DEM6317.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of WriteProcessMemory
              PID:1376
              • C:\Users\Admin\AppData\Local\Temp\DEMB8A5.exe
                "C:\Users\Admin\AppData\Local\Temp\DEMB8A5.exe"
                7⤵
                • Executes dropped EXE
                PID:2364

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM623C.exe

    Filesize

    16KB

    MD5

    306cdb4d4b0f2a39106e8f2d810fdbdb

    SHA1

    4a76a2ad05b7aaf46824f83228c1a21d4633f188

    SHA256

    3083e52972d2b7af1ec62c0387f330955e8ab1a8e68fb94b6a8d04520721e19a

    SHA512

    eb9550e2731b2ca76990ede32546bc01de13441b825e7c6ab15fc3a21a4cdb23c1149ef36ae20ee9477a2009cb4cc1c9d2696f6ba311758b05ab113123e037cb

  • C:\Users\Admin\AppData\Local\Temp\DEM6317.exe

    Filesize

    16KB

    MD5

    9507620e9e990a6af53b17b711537f8b

    SHA1

    73af51a88b6efecc9eb0ed75e22952432e85bbb8

    SHA256

    32fcac1bc8d79ead5e5046a30d056d920cbad330b9da60ab4158e2e00fcd62f6

    SHA512

    9fb352522cc6c76ecfc8c19550b392f00e527579ede4f8fb7a5f28b1c5c9398147adfdfa2227827cdcf8d8a9b28c58da5b1baf7b7d61cdb0b644f6c7128ddcf8

  • C:\Users\Admin\AppData\Local\Temp\DEMB73E.exe

    Filesize

    16KB

    MD5

    25999499bac63bc0ceaa6ef50d95c25d

    SHA1

    3fc35768e39c393ec5e76ca1945f30fbca16ca30

    SHA256

    eee35442fd743705abb05f002c8cbc155d2b28600e304c0dbe9be3ff16cfa75b

    SHA512

    30e1ea1db99f850c84edc1aa67f73a29c6367bf68dcd94c361dc9a935eb6eb407a0de4ad02727ab3f1d935452cbdd1115d5e237a3f596499a13bce2efb537bb0

  • C:\Users\Admin\AppData\Local\Temp\DEMC9E.exe

    Filesize

    16KB

    MD5

    0093a5d4b37cbbc86cc7d9a085504025

    SHA1

    9fec29813f17369b181197757ec130412d1dcaff

    SHA256

    fd40c1a47c489f5d4c6577bae8bbd14462a8eebc874fcdd209efe3f77527f252

    SHA512

    fb5d78ad75c6d17f90a07920e7a7b7cc036f6a3f95aacd27fbd1644449ba2d13b636cae7a2af76a503bd006b3de88bc95b6ba0c118a22730937d24b0c4b8cc01

  • \Users\Admin\AppData\Local\Temp\DEMB8A5.exe

    Filesize

    16KB

    MD5

    a4608fddaef9903f708a33243fa0707f

    SHA1

    42c471b2f9ccd39b92306e9b6060ab92378abc20

    SHA256

    4501a182928b2b0f0f4f84ade0f691b7768b24927ccf17e3e8af1169d4417825

    SHA512

    8184d29bb8ed7efbeaab75f5933058ee9562da99ce0cb152fc691eccca3c2b69a4c6a874ddeab798513b9a125f4efb5baf5eea331c84cf1e5647168dc869a4de

  • \Users\Admin\AppData\Local\Temp\DEMCDC.exe

    Filesize

    16KB

    MD5

    3dde8902a784d192f4ac894e73e77d91

    SHA1

    085a10f52e7002b4ee043d58946cfdb53b38e70b

    SHA256

    e330ef25fc84a3f031e83e239d3d4bdfe0c9cbf0f4af1def57b411c6f28042c4

    SHA512

    6747bf55c1f1ddc249652102bde39f7424b399071573ed54c8ef262c43f446550cff299234e33fcc68929dfe1ab130654abad0f42cfd48321a121c86dbd860b6