Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    131s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/04/2024, 14:38

General

  • Target

    d68c702351756d970a4f81c64823fd4b_JaffaCakes118.exe

  • Size

    15KB

  • MD5

    d68c702351756d970a4f81c64823fd4b

  • SHA1

    f42d712a0a5e05209462fc7ce0f4eb8e250d8f6e

  • SHA256

    a56235728ba2871b53b27ea41139b183c4a5d11a76f3187beaca63730df5b560

  • SHA512

    cdae8b5720d96b1d2c3f7f0146f06c97cca1bc18f3d53aabd4ba4260727071a24016f9dc9d2badd9fe7c67e175ac666f165b2b12561386dd33baf6abc1f02f7c

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhJdS:hDXWipuE+K3/SSHgxhS

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d68c702351756d970a4f81c64823fd4b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d68c702351756d970a4f81c64823fd4b_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2700
    • C:\Users\Admin\AppData\Local\Temp\DEM25AA.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM25AA.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2680
      • C:\Users\Admin\AppData\Local\Temp\DEM7C03.exe
        "C:\Users\Admin\AppData\Local\Temp\DEM7C03.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2924
        • C:\Users\Admin\AppData\Local\Temp\DEMD134.exe
          "C:\Users\Admin\AppData\Local\Temp\DEMD134.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2720
          • C:\Users\Admin\AppData\Local\Temp\DEM2684.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM2684.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of WriteProcessMemory
            PID:1556
            • C:\Users\Admin\AppData\Local\Temp\DEM7BB5.exe
              "C:\Users\Admin\AppData\Local\Temp\DEM7BB5.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of WriteProcessMemory
              PID:2156
              • C:\Users\Admin\AppData\Local\Temp\DEMD105.exe
                "C:\Users\Admin\AppData\Local\Temp\DEMD105.exe"
                7⤵
                • Executes dropped EXE
                PID:2236

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM7C03.exe

    Filesize

    15KB

    MD5

    7832d13ce418bdafdbfde53423c1d36d

    SHA1

    80725325160ffb22b9db59b04c5990a331828527

    SHA256

    7682e16772628115a1a34ecb9b28ce97bcfcfd50e3e76d3c8f44bcccd2e4e2ab

    SHA512

    7e945585e263dc503c4508d01c76847868850ec3a557cba4a9444451dce6098556991d34bc3609ce79d230195274872a0424e8fc135fad1b1370c40aa21cd543

  • C:\Users\Admin\AppData\Local\Temp\DEMD134.exe

    Filesize

    15KB

    MD5

    2de2036c50a221e2f37bd705da546d4e

    SHA1

    342e300032753fa297ab2114f552bdcd6a09ef39

    SHA256

    b08651ab379d29824ae7771226716cebcfec2f6bf494298b2f223dd6b9f32a90

    SHA512

    5afaaa3f8f76db93ad3bf58da1f1e063ec08e47a6f0c15c89901500146f8010aa99d77a987115a8039a5b2c8cfbfb6aba4598e67c8152cf56fed83f7f4faeadf

  • \Users\Admin\AppData\Local\Temp\DEM25AA.exe

    Filesize

    15KB

    MD5

    9926bee87bf9eab9af63ea28c13b7767

    SHA1

    f3a9f55a9476190bced7ee66a740d5a73c24b614

    SHA256

    5cdedfb2868fac53e371a97acb26f1c1921a78f8ad4790acb82386f68328c3d4

    SHA512

    ee0c2a925a6347a0a4a1bf17a8e0d381168a328fc080ba357f5dc45c352bc0c8343f88e23b19ec6fc97996a9844bdb2183de313dddb20c95d359a70460cdd235

  • \Users\Admin\AppData\Local\Temp\DEM2684.exe

    Filesize

    15KB

    MD5

    690a8eb417e321ead031418143b23696

    SHA1

    4dc4db58b256216b4303da240e1157dcc1a1ab98

    SHA256

    fccb6f42bf936f7bdd678e3f616502b8d7a08fe5427ac8391125a0f4b3592084

    SHA512

    e26650009daa67b510b6013dc1c08fceb9bba0cf977d4399b45cbcd95d5167ee4678e5805c0227552e32517530106ced0f2159a871e4e8d264b8562712b625b0

  • \Users\Admin\AppData\Local\Temp\DEM7BB5.exe

    Filesize

    15KB

    MD5

    1d6b14ff3a52bd22fcee2e88cd87f86f

    SHA1

    13d1516851ea9db3230efa298f468400e84050fa

    SHA256

    cbb26e5ed57f06077bf352eed1771febe60b1395b0446e2ccca7d8d8d2b7dd62

    SHA512

    5ef59b2443644a2e07ef0fc3f3da97ca3d869d1b434f9b918805f6c74c020045d124f28ce6f2925cb95f5bff595b565f54bb5c3abbc3c0bb5c0184e7c8b3b632

  • \Users\Admin\AppData\Local\Temp\DEMD105.exe

    Filesize

    15KB

    MD5

    b73b757c8980926ed81951793eb23806

    SHA1

    83e32e70306f48a940043f0d118338b362e7688e

    SHA256

    928d40de0d930fe7ddb9d5f88f2d08ad0a310febe8f2b8bd221ac8ce949b9fab

    SHA512

    9aab49e5111cece1efef3b2cb3004fc470b2f2d9b873c2dd8b7542cb4dd144c0d8308b64c8736b7ac250551f8c5ded114a774f377d051cfcde038aeae7011179
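The Processes section and the Downloads list above together describe a seven-deep chain in which each DEMxxxx.exe dropped into the user's Temp directory executes the next one, and every dropped stage is 15KB but carries a different hash. The following Python is an added example, not part of the Triage report or of the sample, that turns those two sections into a reusable triage check: it rebuilds parent/child links from the tree's depth column, measures the longest ancestry chain of images run from %TEMP%, and profiles the dropped stages for the same-size/distinct-hash pattern. PIDs, paths, sizes and SHA256 values are transcribed from the report; the `DEM` + four-hex-digit stage-name regex is an assumption inferred from the six names listed, not something the report states.

```python
import re
from collections import Counter

# Constructed from the Processes section of the report: (tree depth, PID, image path).
PROCESS_ENTRIES = [
    (1, 2700, r"C:\Users\Admin\AppData\Local\Temp\d68c702351756d970a4f81c64823fd4b_JaffaCakes118.exe"),
    (2, 2680, r"C:\Users\Admin\AppData\Local\Temp\DEM25AA.exe"),
    (3, 2924, r"C:\Users\Admin\AppData\Local\Temp\DEM7C03.exe"),
    (4, 2720, r"C:\Users\Admin\AppData\Local\Temp\DEMD134.exe"),
    (5, 1556, r"C:\Users\Admin\AppData\Local\Temp\DEM2684.exe"),
    (6, 2156, r"C:\Users\Admin\AppData\Local\Temp\DEM7BB5.exe"),
    (7, 2236, r"C:\Users\Admin\AppData\Local\Temp\DEMD105.exe"),
]

# Constructed from the Downloads section of the report: (file name, size in KB, SHA256).
DROPPED_FILES = [
    ("DEM25AA.exe", 15, "5cdedfb2868fac53e371a97acb26f1c1921a78f8ad4790acb82386f68328c3d4"),
    ("DEM7C03.exe", 15, "7682e16772628115a1a34ecb9b28ce97bcfcfd50e3e76d3c8f44bcccd2e4e2ab"),
    ("DEMD134.exe", 15, "b08651ab379d29824ae7771226716cebcfec2f6bf494298b2f223dd6b9f32a90"),
    ("DEM2684.exe", 15, "fccb6f42bf936f7bdd678e3f616502b8d7a08fe5427ac8391125a0f4b3592084"),
    ("DEM7BB5.exe", 15, "cbb26e5ed57f06077bf352eed1771febe60b1395b0446e2ccca7d8d8d2b7dd62"),
    ("DEMD105.exe", 15, "928d40de0d930fe7ddb9d5f88f2d08ad0a310febe8f2b8bd221ac8ce949b9fab"),
]

TEMP_DIR = r"c:\users\admin\appdata\local\temp"
# Assumed naming rule for the stages, inferred from the six names in the report.
STAGE_NAME = re.compile(r"^DEM[0-9A-F]{4}\.exe$", re.IGNORECASE)


def build_parent_map(entries):
    """Recover parent PIDs from the depth column: a node at depth d is a child of
    the most recently seen node at depth d-1; depth-1 nodes have no parent."""
    parents, last_at_depth = {}, {}
    for depth, pid, _path in entries:
        parents[pid] = last_at_depth.get(depth - 1)
        last_at_depth[depth] = pid
        # Drop deeper entries so a later sibling cannot attach to a stale subtree.
        for d in [d for d in last_at_depth if d > depth]:
            del last_at_depth[d]
    return parents


def runs_from_temp(path):
    """True when the image path sits under the user's Temp directory."""
    return path.lower().startswith(TEMP_DIR + "\\")


def longest_temp_chain(entries):
    """Longest ancestry chain in which every image runs from %TEMP%.
    Returns (length, PIDs ordered root -> leaf)."""
    parents = build_parent_map(entries)
    paths = {pid: path for _depth, pid, path in entries}
    best = []
    for pid in paths:
        chain, cur = [], pid
        while cur is not None and runs_from_temp(paths[cur]):
            chain.append(cur)
            cur = parents[cur]
        if len(chain) > len(best):
            best = chain
    return len(best), best[::-1]


def dropped_stage_profile(dropped):
    """Summarise the dropped stages: one shared size with pairwise-distinct hashes
    means each stage writes a modified copy rather than duplicating itself byte for byte."""
    sizes = Counter(size for _name, size, _sha in dropped)
    hashes = {sha for _name, _size, sha in dropped}
    stage_named = [name for name, _size, _sha in dropped if STAGE_NAME.match(name)]
    return {
        "stages": len(dropped),
        "distinct_sizes": len(sizes),
        "distinct_hashes": len(hashes),
        "stage_named": len(stage_named),
        "same_size_distinct_hash": len(sizes) == 1 and len(hashes) == len(dropped),
    }


if __name__ == "__main__":
    length, chain = longest_temp_chain(PROCESS_ENTRIES)
    print(f"longest %TEMP% execution chain: {length} processes, PIDs {chain}")
    print("dropped-stage profile:", dropped_stage_profile(DROPPED_FILES))
```

Run against the report's data the chain check returns 7 processes, one more than the 6 IoCs under "Executes dropped EXE": the root (PID 2700) is the submitted sample itself, so only its six descendants count as dropped. The profile shows six stages, one size and six distinct SHA256 values, which is why hash-based blocking of a single stage would not stop the next run of this chain; a parent-in-Temp-executes-child-in-Temp rule, the two-process version of `longest_temp_chain`, is the behaviour-level check to ship instead.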