Analysis

  • max time kernel: 134s
  • max time network: 146s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 05/04/2024, 01:46

General

  • Target: c77589d49fba08a129ff3fa1012d2709_JaffaCakes118.exe
  • Size: 14KB
  • MD5: c77589d49fba08a129ff3fa1012d2709
  • SHA1: 30c5618c55d226880493435e823b1e01cf27b023
  • SHA256: 266ae15d7eb24bbeadae42e9a7ed31dd99c1ea954197a762547b6d85cc7be86d
  • SHA512: f280c69eaadfdab581ef354067d182c77b114af823b335c99647281a1372a6aa5f2f90b6de4b3e0e1faa6a4fd2df6b60a2a17ee015f306478746b5bef3630d5c
  • SSDEEP: 384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhY5u:hDXWipuE+K3/SSHgxm8

Score: 7/10

Signatures

  • Executes dropped EXE (6 IoCs)
  • Loads dropped DLL (6 IoCs)
  • Enumerates physical storage devices (1 TTPs): attempts to interact with connected storage/optical drive(s).
  • Suspicious use of WriteProcessMemory (24 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\c77589d49fba08a129ff3fa1012d2709_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c77589d49fba08a129ff3fa1012d2709_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Users\Admin\AppData\Local\Temp\DEM4A0B.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM4A0B.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2852
      • C:\Users\Admin\AppData\Local\Temp\DEMA18D.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMA18D.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2808
        • C:\Users\Admin\AppData\Local\Temp\DEMF834.exe
          "C:\Users\Admin\AppData\Local\Temp\DEMF834.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:1820
          • C:\Users\Admin\AppData\Local\Temp\DEM4EEB.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM4EEB.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of WriteProcessMemory
            PID:2604
            • C:\Users\Admin\AppData\Local\Temp\DEMA5B1.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMA5B1.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of WriteProcessMemory
              PID:576
              • C:\Users\Admin\AppData\Local\Temp\DEMFD24.exe
                "C:\Users\Admin\AppData\Local\Temp\DEMFD24.exe"
                7⤵
                • Executes dropped EXE
                PID:2796

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM4EEB.exe
    Filesize: 15KB
    MD5: d34c1bd5ea3a0c35b9a493808a353792
    SHA1: 4c475afe77c142da0dc6b6b38d0073b312ca1f62
    SHA256: b0d42fdcc548776273aa8872c41792a2348493da840aa5728341d157e2706a57
    SHA512: 67dba2e972f3e40a0730f798ac406102c44f6d8d0547f9f78dca3fd9348889c520b05df2b68e0909fea19634a64ce4bff822ad15b4f73f708b10161ae8b10be9

  • C:\Users\Admin\AppData\Local\Temp\DEMA18D.exe
    Filesize: 15KB
    MD5: 36a05777f2e4dae032d1cbca7ce5027f
    SHA1: be93f09c204484f29bfd148717df59656e13f25c
    SHA256: 0aada2382e70bf081bcae54c9c524f4b133671fcc0a5dfad85f3b67bb4eaefce
    SHA512: b72ce131d7078c6efb65a03c80f2ef5786ee0c4c98df16c4f57200fd81a987250bb77c6cbab2a085c04145dc4a7825d6c71a86e8cf69754b5c13d1badfe69fc1

  • \Users\Admin\AppData\Local\Temp\DEM4A0B.exe
    Filesize: 15KB
    MD5: f1678ded344ed4e26abfc9d4a1b9630c
    SHA1: bc7698a9d0f330e3f5fda8465bfaeecf6eba9f2f
    SHA256: 4346c2ae2956f7bd8563a8babca5a1c275235862e128eba93133554db7fd89bd
    SHA512: 7091af7aff52144478d7c0dccd58e748b003e6434b324a0a64dba5424b5e4457da2c8ccd952d4c9067429c08ef7d60bf59d6bd50dfb62b503433564bb40387a8

  • \Users\Admin\AppData\Local\Temp\DEMA5B1.exe
    Filesize: 15KB
    MD5: 08660aa37a1c675203690230cff201fd
    SHA1: a234ecb9ec50680fbfeae13ecb7d66fea79b24c9
    SHA256: c18cf58517beb101139f95f6dcbbbebaa1aa19bc399fbbe79770d51663810af3
    SHA512: ec5574eadf2fffbb17d59f4eac5b1a592607169dc06a96bdbe3ed39c1367e0a4b8fe68312bda646cdfb6408128c0cf828921b645f4f4f9933671a2028117a68e

  • \Users\Admin\AppData\Local\Temp\DEMF834.exe
    Filesize: 15KB
    MD5: cb3ce50fcf38767878409cff9c36673e
    SHA1: 3a9e8d364cd03145d5da6353935f98081e5a05ac
    SHA256: 94fe994fd9d85a4cab269e7dbc7f9966eeb3e0d214f4da4254726e5d08525969
    SHA512: 0f20620c35fd6a3746898ef787fd7e8da48550c05564f80440d78ec04f873ef48f7dea4b927aaf89bf8db18712008b04f59673e912259903296397bd514e5737

  • \Users\Admin\AppData\Local\Temp\DEMFD24.exe
    Filesize: 15KB
    MD5: f3c53b69e720508f1be029719ca33cc2
    SHA1: b4ec2316c55e66cd39abe09f501c08f1d6c0d2f8
    SHA256: cd4f2591bee46a000ae13579751e4adab3713afc38aaeb3e9a5e14cf2c7adf1b
    SHA512: 2e910baf6f674fdd8edef1fff41a0f33e49104d69aae94986106a558dc7887b1c7eab8258b828241cdf64302f90ebfdfa591d854e1ffd2ab4130eda5c43e66ed