Analysis

  • max time kernel
    140s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/04/2024, 05:04

General

  • Target

    dbf46b68e7408b25f39c985259024fce_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    dbf46b68e7408b25f39c985259024fce

  • SHA1

    87ff120dc67ccd7e86c404d1d16995890d008d55

  • SHA256

    92d57cce68556ff0c86ba41d79c89ea323114c29ab42829d9220a37f99b26155

  • SHA512

    3d90028976c894c673ad33c3d3aadfc2708fc7f72f234c207d7751afaf2e66d726fb1c4d3d84c5c466068cf998e7627d0a2dbec759cf7d205483bc8185f35aa7

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4Yh5Rxf:hDXWipuE+K3/SSHgx3f

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dbf46b68e7408b25f39c985259024fce_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dbf46b68e7408b25f39c985259024fce_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Users\Admin\AppData\Local\Temp\DEM843D.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM843D.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2580
      • C:\Users\Admin\AppData\Local\Temp\DEME753.exe
        "C:\Users\Admin\AppData\Local\Temp\DEME753.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2900
        • C:\Users\Admin\AppData\Local\Temp\DEM3E29.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM3E29.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2712
          • C:\Users\Admin\AppData\Local\Temp\DEM9434.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM9434.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of WriteProcessMemory
            PID:1740
            • C:\Users\Admin\AppData\Local\Temp\DEME9F2.exe
              "C:\Users\Admin\AppData\Local\Temp\DEME9F2.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of WriteProcessMemory
              PID:2692
              • C:\Users\Admin\AppData\Local\Temp\DEM3FCE.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM3FCE.exe"
                7⤵
                • Executes dropped EXE
                PID:2876

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM9434.exe

    Filesize

    14KB

    MD5

    fe053825f3c8885be3f98a9d7d488f92

    SHA1

    19cc8e6ef53a236ba03b108b1dd407f780ca0e79

    SHA256

    7025a142c2fb6dbcf547d734d2a2d6d45bae301fb18bcfd30880ba7ea1fa7363

    SHA512

    d48b8d1ebe6be2d1c0b8c79f56b24a76db12ce5f6ef97b1e337b48b4f33b9ee109893d1ddb532c0ba66127509db0eb92cb352243b29fc4d653e7ee3cf41035a4

  • C:\Users\Admin\AppData\Local\Temp\DEME753.exe

    Filesize

    14KB

    MD5

    d66836a8dec9667365a30f38a63bc6d2

    SHA1

    7af76700b6619612a2adeb0e38717a214fa1b391

    SHA256

    d242cbce58b49619cd4e7d25966c481c53d170b57a1ed2038f11635f69be7875

    SHA512

    0e4b6f3770ef4d404460283a3ce6fe813083f9cd4c4765ba34ab70219ff89d58e00b8c0cc8772470d242bf9cdbf50e4b157fadd4feee188d9564621221e2bd7b

  • \Users\Admin\AppData\Local\Temp\DEM3E29.exe

    Filesize

    14KB

    MD5

    6f19427b9fd1fcc7eab820b59a201b4b

    SHA1

    d80ed0c71f3974a459413011aa835e879a93d598

    SHA256

    a740521966036e95b9e5d8f5e68844184771ee63e755a07293cc071dfe6c28e8

    SHA512

    26ff2729734fa54f9e96bc5dbc90847b3157942234646f25843e13cafbc68f4c540c9db50fee25fce0adc7563a1f411d494dff8a9e8beca9326e337e787c58bd

  • \Users\Admin\AppData\Local\Temp\DEM3FCE.exe

    Filesize

    14KB

    MD5

    5990d0607e3f8895ee568338679bd13c

    SHA1

    806071e92a60364375ae534516a041862a91c96b

    SHA256

    1ab97549ef8f7fa91b30fdb19d486e1a18be6bf03a0fe0edee2794e2971c347d

    SHA512

    68a207f4d6386c00fca0467319ff005fa3a6bf6f305db289ae4bc9467c4862f7e0cfbc09ea1210a4900a3d3f53d294f94b2943519ea4e7cc864c19b3e3ee4630

  • \Users\Admin\AppData\Local\Temp\DEM843D.exe

    Filesize

    14KB

    MD5

    5d0fb832123ac7af1fad03a3513d4d5f

    SHA1

    f15641f63d20b765a9011f3db181cbcf847be7d1

    SHA256

    c50c56a66d9fc5e9b8a28b7a075ce97cfe713530a26fd9d1489cce2469bd4486

    SHA512

    9056e974a51caff3a79b16808347298e4b56a451ab3110271f664da37f871240246177b29299f446e4d002745fcec5f57010f47bc0df3f276ccfdbb99a5d5f0b

  • \Users\Admin\AppData\Local\Temp\DEME9F2.exe

    Filesize

    14KB

    MD5

    86d99a339e9f4ee40401a429f6c34613

    SHA1

    690d882dd56c61556d60ab6ae6e355d285b35a21

    SHA256

    96140bb8764e58403b0ff5ff0e0ec7d71b403b16da450878b2e8983e6aeb27a4

    SHA512

    facf0c84af1fdf62d21f4302d4d31865b5fe7d1a8e8ccd2c8ef162061565f3d00fd595ab7ad8ff080b1b92f70193146c9c26c7a9cc90164631a78ebb36985a79