Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    132s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/03/2024, 18:51

General

  • Target

    0d59cdac6efe4042bba9243e6a5e4e19_JaffaCakes118.exe

  • Size

    15KB

  • MD5

    0d59cdac6efe4042bba9243e6a5e4e19

  • SHA1

    a523a703649a0567b14f7b7e861f143158e785be

  • SHA256

    7af6595ef53007e9468b13e717e21d1e906ee8ec61bf0cc57e06d74ad492fb96

  • SHA512

    1d684731752e32feb1c73199c18dfa52db38cc467b21a9fe6e665d35f961f52623d35f01e27b0088c8faf14ac0d288d5cc27e0d601e8ef43457123e1be77bf7a

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhY8QaK:hDXWipuE+K3/SSHgxm83K

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (6 IoCs)
  • Loads dropped DLL (6 IoCs)
  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (24 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d59cdac6efe4042bba9243e6a5e4e19_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0d59cdac6efe4042bba9243e6a5e4e19_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1184
    • C:\Users\Admin\AppData\Local\Temp\DEM77A0.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM77A0.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2872
      • C:\Users\Admin\AppData\Local\Temp\DEMCDAB.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMCDAB.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2564
        • C:\Users\Admin\AppData\Local\Temp\DEM2462.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM2462.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:664
          • C:\Users\Admin\AppData\Local\Temp\DEM7A9C.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM7A9C.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of WriteProcessMemory
            PID:2336
            • C:\Users\Admin\AppData\Local\Temp\DEMD079.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMD079.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of WriteProcessMemory
              PID:1596
              • C:\Users\Admin\AppData\Local\Temp\DEM2655.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM2655.exe"
                7⤵
                • Executes dropped EXE
                PID:752
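The process tree above is a seven-stage chain: every stage lives in the user's Temp directory, drops a 15-16 KB executable named DEM plus four hex digits, and spawns it before exiting to the next link. Hunting for that shape in process-creation telemetry is more robust than matching the individual hashes, which change at every stage. The following Python is an added example, not code from tria.ge or from this sample's analysis: it reconstructs the report's PIDs and image paths as constructed Sysmon-style events (the parent PID 1000 for the first stage and the benign explorer/notepad/setup.exe events are assumptions, not from the report) and flags any parent/child chain of Temp-resident DEM*.exe spawns that is at least three links deep.

```python
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """Minimal process-creation record (constructed; mirrors Sysmon Event ID 1 fields)."""
    pid: int
    ppid: int
    image: str  # full path of the executable


# Dropper file-name pattern observed in the report: DEM + four hex digits + .exe
DEM_NAME = re.compile(r"^DEM[0-9A-F]{4}\.exe$", re.IGNORECASE)
# Any per-user Temp directory, not only C:\Users\Admin\... from the sandbox
USER_TEMP = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+$", re.IGNORECASE)


def in_user_temp(image: str) -> bool:
    return USER_TEMP.search(image) is not None


def is_dem_dropper(image: str) -> bool:
    basename = image.rsplit("\\", 1)[-1]
    return in_user_temp(image) and DEM_NAME.match(basename) is not None


def find_drop_chains(events, min_links: int = 3):
    """Return lists of PIDs [root, child, grandchild, ...] where a Temp-resident
    process spawns a DEM*.exe from Temp, which spawns another, and so on,
    with at least `min_links` spawns. Only the longest chain per root is kept."""
    by_pid = {e.pid: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e.ppid].append(e)

    def walk(e: ProcEvent):
        best = [e.pid]
        for child in children[e.pid]:
            if is_dem_dropper(child.image):
                candidate = [e.pid] + walk(child)
                if len(candidate) > len(best):
                    best = candidate
        return best

    chains = []
    for e in events:
        if not in_user_temp(e.image):
            continue
        parent = by_pid.get(e.ppid)
        # Start only at chain roots: a Temp process whose parent is not itself in Temp.
        if parent is not None and in_user_temp(parent.image):
            continue
        chain = walk(e)
        if len(chain) - 1 >= min_links:
            chains.append(chain)
    return chains


T = r"C:\Users\Admin\AppData\Local\Temp"
# Constructed events: the seven stages from the report (PIDs and paths as listed),
# plus assumed benign activity to show the rule does not fire on ordinary Temp usage.
SAMPLE_EVENTS = [
    ProcEvent(1000, 800, r"C:\Windows\explorer.exe"),            # assumed
    ProcEvent(1001, 1000, r"C:\Windows\System32\notepad.exe"),   # assumed
    ProcEvent(3000, 1000, T + r"\setup.exe"),                    # assumed installer in Temp
    ProcEvent(3001, 3000, r"C:\Program Files\App\app.exe"),      # assumed
    ProcEvent(1184, 1000, T + r"\0d59cdac6efe4042bba9243e6a5e4e19_JaffaCakes118.exe"),
    ProcEvent(2872, 1184, T + r"\DEM77A0.exe"),
    ProcEvent(2564, 2872, T + r"\DEMCDAB.exe"),
    ProcEvent(664, 2564, T + r"\DEM2462.exe"),
    ProcEvent(2336, 664, T + r"\DEM7A9C.exe"),
    ProcEvent(1596, 2336, T + r"\DEMD079.exe"),
    ProcEvent(752, 1596, T + r"\DEM2655.exe"),
]

if __name__ == "__main__":
    for chain in find_drop_chains(SAMPLE_EVENTS):
        print("drop chain of %d links: %s" % (len(chain) - 1, " -> ".join(map(str, chain))))
```

The threshold of three links is a tuning choice: a single Temp-to-Temp spawn is common for installers, while a chain of self-named DEM stages six deep has no legitimate counterpart. In production the name pattern should be one of several, since a repacked variant may change the prefix but keep the drop-and-spawn structure.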

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM2462.exe

    Filesize

    15KB

    MD5

    26fcd071f49a084b473dbbca46e6a158

    SHA1

    7c5be9fe9239549dab055d690a9ea17b8f36a8d7

    SHA256

    f3fec18c4977348f8271e7b9121d126b1a69a2994bc0d82892292cb262da0886

    SHA512

    7c163f39935c9ee218fde4be2a7548817a140e11d28b80db9c3e3d488ed3ba2d82f93a8a300c1fba76f40e053ac59692d350f89252c802dbc82e6219630849ef

  • C:\Users\Admin\AppData\Local\Temp\DEM2655.exe

    Filesize

    16KB

    MD5

    70a22090ce7f03fb1b749d4d3dcc1036

    SHA1

    90df0da03a5289197d1186e41f4576fff9869f85

    SHA256

    9eb8c198b222a1f3ee1677d9bca07eabfe99e52e465c44b6bde1a7981acae739

    SHA512

    71f12b9ec4826920e36013e5928ed6ff24f4ee7cb0bc85c28785c83d5e19dbfd58206b2f5d8d6d235f126ff6fc47eb59fa49604dca0f2b08cd019b30aa1a28a4

  • C:\Users\Admin\AppData\Local\Temp\DEM77A0.exe

    Filesize

    15KB

    MD5

    6b95cdd547bec91209eff785bd82993c

    SHA1

    28c28a892a0ace1e90c89677c403f557a8281c09

    SHA256

    9f4e06f5eaa1cebc7543c4e7d3dac8de5c2312609bf94ed505d24d4dba3483dc

    SHA512

    159d73c86a7e7b6af75639a30ad3ef08af1c080b5b738e9aa6fba2ffbb5f5fbdbc74817151a47c4a31c8d4dfd3b6fb9f1cf24405e7d27859ddb8857b7cbb4310

  • C:\Users\Admin\AppData\Local\Temp\DEM7A9C.exe

    Filesize

    15KB

    MD5

    d6150e2966b129d67fd2861665f2bcaa

    SHA1

    807aecc4c7abfaeafea32732db3518b470370232

    SHA256

    55674edb843f0b270d197b503ae6dec2480a3c8f85ab871d3c5c55fca92f9544

    SHA512

    c7506f9f72ecf287ae1d303fc801f6558f5988b4157945af8acb43c97943fb13bb1532542cda4d3653806fca670c7e674e112d41920587629ef7b9bf6471342c

  • C:\Users\Admin\AppData\Local\Temp\DEMCDAB.exe

    Filesize

    15KB

    MD5

    e2277b7d2a782c7c49bb9498d260e190

    SHA1

    6b05ccdbabd5118abfbb571fa536dfd1262cd1e9

    SHA256

    90d669889f1cd26fc027ae5ac79fbc03f540341585efa9b134a301422c4bcee1

    SHA512

    1b5412666767a67f042b0bce021d63f8675912be6291e9d7a2e919144781acb9f4948597befb0c9a9708f8db03f3a4aadd1338494d700940379cd70c7e6a422b

  • C:\Users\Admin\AppData\Local\Temp\DEMD079.exe

    Filesize

    16KB

    MD5

    80306dd4d12d50b755961540c350130b

    SHA1

    bbe663d1d4f786cac030fa6ea9c07464fb36070d

    SHA256

    86473da65c8533b72a32db4e1a1ffdd01b69868cda1ff77bfa0052aedfd20016

    SHA512

    e9f93e7cdd9ea8012fbdd8bee7ee65d92e6c2ca1914a32a220f6535834caa318d97c7291470e9abfd75f0b3fc62d22fbc4f48cb11d544660d157c95dc3013ef9