Analysis

  • max time kernel: 131s
  • max time network: 141s
  • platform: windows7_x64
  • resource: win7-20240220-en
  • resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted: 21/04/2024, 15:10

General

  • Target: ff8fc259ff0fa909675f4bff59c38568_JaffaCakes118.exe
  • Size: 15KB
  • MD5: ff8fc259ff0fa909675f4bff59c38568
  • SHA1: b1b66f7bdc8885c50b47e3de9a70d254cd50f886
  • SHA256: c89b736c4e7a4d989271a2a8217904fdcae3fa52abecd8a688ec2177ecff22d7
  • SHA512: 3bb78bbfa9860a781debef5b97f5c5882c379c61629fb0c1ade3c3f32b9a2e8471d5adcf5ab48e4189f999936a181f0a6ab3f6732786d9c9710c503afc870a1b
  • SSDEEP: 384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhhG:hDXWipuE+K3/SSHgxzG

Score: 7/10

Malware Config

Signatures

  • Executes dropped EXE (6 IoCs)
  • Loads dropped DLL (6 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (24 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ff8fc259ff0fa909675f4bff59c38568_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ff8fc259ff0fa909675f4bff59c38568_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2908
    • C:\Users\Admin\AppData\Local\Temp\DEM281A.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM281A.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2568
      • C:\Users\Admin\AppData\Local\Temp\DEM7D4B.exe
        "C:\Users\Admin\AppData\Local\Temp\DEM7D4B.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:3012
        • C:\Users\Admin\AppData\Local\Temp\DEMD2D9.exe
          "C:\Users\Admin\AppData\Local\Temp\DEMD2D9.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:320
          • C:\Users\Admin\AppData\Local\Temp\DEM27FA.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM27FA.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of WriteProcessMemory
            PID:1520
            • C:\Users\Admin\AppData\Local\Temp\DEM7CFD.exe
              "C:\Users\Admin\AppData\Local\Temp\DEM7CFD.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of WriteProcessMemory
              PID:948
              • C:\Users\Admin\AppData\Local\Temp\DEMD1FF.exe
                "C:\Users\Admin\AppData\Local\Temp\DEMD1FF.exe"
                7⤵
                • Executes dropped EXE
                PID:3064

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM281A.exe
    Filesize: 15KB
    MD5: 85da61ae8252c8da4952fad14fc6a892
    SHA1: 255d4429dbf47d77b70db31212e22374bbe59028
    SHA256: a70ce19e8eb5fcd365d37bc632aff5d68f85229417eb55cfd57cc68d8d6f3f08
    SHA512: 9d794dbc60286f6423ea5934b37afd33548c27b45d6cb4f0195921f61b7f3a258ad5fde291477082949159b17306dfe6a8d7a59963642fd5a34003d356da3358

  • C:\Users\Admin\AppData\Local\Temp\DEM7CFD.exe
    Filesize: 15KB
    MD5: f98e22b0008d24e4524625bec286c28c
    SHA1: bc26e0a12edd35a8cf83a63835cec3a9758a7b84
    SHA256: 8fc571fe9f79f72e9ed06afc7081f5e2181b203afaeb9ed3e2f54f81bfe61166
    SHA512: 970495b3be3153b0f13a28b87495f451c005ac1498abd20b2fdcbaf0e624905d738063771fa968e03b30daace3457841879558e06ab2fb35e204e05ba730ea38

  • C:\Users\Admin\AppData\Local\Temp\DEM7D4B.exe
    Filesize: 15KB
    MD5: 0a1769bd2b927d1814e5e002c72d998f
    SHA1: ec85f1132230692d939585c12748074860682ff4
    SHA256: addf1e96fb0681fbd5a1cf97d6a3f83114ed116b6369892388ee5db047c78f2c
    SHA512: 96fbf0245638ed30418dd16b0a6cdf758d2c5093932ebe98721d0c1f0278180ce10855d569f47d5b6e674a127cd53a09daecc0c64f91edc7b9a230a4937b6c4f

  • C:\Users\Admin\AppData\Local\Temp\DEMD1FF.exe
    Filesize: 15KB
    MD5: 9e70497752c6696c54012f097f58030f
    SHA1: 6d6fe238c1e606fac813d2e079ea06f138a04ae2
    SHA256: 30cf104e957062afd6187f1dd09a6ec3121b91724bbb22cd9d601d3daccac9b6
    SHA512: db5193fb94d8de08f3b78ac18c8b8bfd2078f344d53f7a48becfd95880fc83a5c71523e42f1b413abb53b6ea958aeec29e16ee874da8239223d721bf47b6fad6

  • \Users\Admin\AppData\Local\Temp\DEM27FA.exe
    Filesize: 15KB
    MD5: ecdc5f4494c47bab2b66413ab55d24b7
    SHA1: ccfdee98aa757c2cd37940436f88a46d1120afd5
    SHA256: d1ae301711e40e5288b000391c1952591c45e90d9608f235c59031e4f2d592e0
    SHA512: 63efa2e2cfdd2481ef4f9e9cff975c6bdda5763510389d30caee1108a8a7b74101be4cee2924a0adc613e06d2e5400e88ecda52639b6a814eac86dddfab2d539

  • \Users\Admin\AppData\Local\Temp\DEMD2D9.exe
    Filesize: 15KB
    MD5: b00549fec7485e55969c1f9f47de635f
    SHA1: 76d021844d8fca0f8d35ff275f6e34cc46baff31
    SHA256: d0424efa34b1729b90d073d04dad3f9e51cb22493c8404440da83db6f4f8f818
    SHA512: 6d2c466942056f3e3feb2307ac3bd76d97478ebb5ec9385579c921c298a8113856fc1fbe35d2a14ad42d803f80708e3c201362d63e4ec2870559cd77d5b08270