Analysis

  • max time kernel
    131s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/03/2024, 08:28

General

  • Target

    1d60d1382af76bc9f89568d97784a2a7_JaffaCakes118.exe

  • Size

    16KB

  • MD5

    1d60d1382af76bc9f89568d97784a2a7

  • SHA1

    5c31dc975f6664ff03d39934aeada5103a549449

  • SHA256

    df925a665353ec76c444187087f793c4feac14e920b9f84fc125ab2a750e53a0

  • SHA512

    86df541f4db153ae5e4c45bccb7ed422d263ac5cb1453bad026507311fda8ea29e8284d17e4874800f6c4cc6ef9e45284f057f243a9dd9e03cca1ca93e66d4ac

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhD8ZO:hDXWipuE+K3/SSHgxt6O

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d60d1382af76bc9f89568d97784a2a7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1d60d1382af76bc9f89568d97784a2a7_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1624
    • C:\Users\Admin\AppData\Local\Temp\DEM22BD.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM22BD.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2564
      • C:\Users\Admin\AppData\Local\Temp\DEM787A.exe
        "C:\Users\Admin\AppData\Local\Temp\DEM787A.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2700
        • C:\Users\Admin\AppData\Local\Temp\DEMCD9B.exe
          "C:\Users\Admin\AppData\Local\Temp\DEMCD9B.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2592
          • C:\Users\Admin\AppData\Local\Temp\DEM22AD.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM22AD.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of WriteProcessMemory
            PID:272
            • C:\Users\Admin\AppData\Local\Temp\DEM77BF.exe
              "C:\Users\Admin\AppData\Local\Temp\DEM77BF.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of WriteProcessMemory
              PID:1952
              • C:\Users\Admin\AppData\Local\Temp\DEMCCF0.exe
                "C:\Users\Admin\AppData\Local\Temp\DEMCCF0.exe"
                7⤵
                • Executes dropped EXE
                PID:1916

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM787A.exe

    Filesize

    16KB

    MD5

    03ac6536138e1ff5ac5cdb9eb325f19e

    SHA1

    83841a76d381bab27ea18ad0a8b626e5a810dce1

    SHA256

    a3abfe0acf91656b039a2c8f8887143780dc593c0c8a055abf473427acdd29d6

    SHA512

    5de2a4248e97cf38d66fd3e4bee27f146cc68ec781949a3edfc73cb892221645a26becce11d1ca7078debbc6d6a019f68d369102ae8ca99e46d3394017253778

  • C:\Users\Admin\AppData\Local\Temp\DEMCCF0.exe

    Filesize

    16KB

    MD5

    5659d31fbbcc35c0539265fba7f47a98

    SHA1

    e5608f49ac501b49fa1e1133940024b690fc428f

    SHA256

    0fde73210c80569e385ef8047ef46ef44f711a1e5740c47315b7b6ceaaed2d97

    SHA512

    709462b1c157c30632e3aaa06bf2ecbe1fa5ed802ab4d1ad36b453e70e1b4aedec56c80439bfaf42137d0954bdf27db47b304431ef1de66a63c8031be4e1d4aa

  • C:\Users\Admin\AppData\Local\Temp\DEMCD9B.exe

    Filesize

    16KB

    MD5

    fe6970fd8287c444cdaf738393c8662d

    SHA1

    b133e579047e515e83203001d83f0bcd1a98867a

    SHA256

    fd6d92a37389ca836213a514b208d550a34687021e61c00109d9efe7f0d0a1b2

    SHA512

    690f7971902e8be3adf3a5b50c8878349d9da7e7e4c6bd4421cb354d2991a27264c11a4b44f09541698b29ed3981b9e73a88db5ae3f91d3f755c93c22492a493

  • \Users\Admin\AppData\Local\Temp\DEM22AD.exe

    Filesize

    16KB

    MD5

    f9b3f41e2e30b1e20692d8edf1a64f11

    SHA1

    b7255448c7265459d1f0a2f510155ea6ae9feda9

    SHA256

    b8791fcd7ef4553885684c5093f28624dcc19f3eae807d1c87858435f14d6e27

    SHA512

    ef8a2e96e092b81b77a8b6e131235b8a8304c32eb285906f77a7f784c305fb0e1e5de0b8ce8ef2b924118c65b21eb0bbe712122272437092e1456447d05e6745

  • \Users\Admin\AppData\Local\Temp\DEM22BD.exe

    Filesize

    16KB

    MD5

    f635aca4f20b8bb7e58e45044c0b3b76

    SHA1

    30151c8231c77bf6c29798c2e18421720492a097

    SHA256

    f7a3faad228e9a9f446ba1cab132f1c076aa74618929d547126487b4bd5a9466

    SHA512

    da9ec21031bc9374e698aff16e3ea249ebc03420e9df088697039d35a75c07a539fb6a7860e49e2e43780717487ac11c6239ed8637591a4d3b804e25d3294d13

  • \Users\Admin\AppData\Local\Temp\DEM77BF.exe

    Filesize

    16KB

    MD5

    44842296cfb243ae1011ed3fdb29b304

    SHA1

    ee84d565f56ec99d1077a625f65e9e3baa52dc6d

    SHA256

    a91bad0f2147701db6710e30d66176904537e6e83fd7cbdf570b73575782d95e

    SHA512

    e6c26adcdf842c34ed0864239052c94067aed7394ba5ec6c5ff97cb31c4bcaf5157c2e6404068960762295fc56579639ac994c5efb99fd1e0a9f498760d34958