Analysis

  • max time kernel
    131s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/06/2024, 12:52

General

  • Target

    089db6727582e6e158b513367b561a46_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    089db6727582e6e158b513367b561a46

  • SHA1

    d5b7e927cc79273771472132597b432a096797bd

  • SHA256

    675df4e95365007f3f3da8fd28b1e6687cfd513217718b01b8f0ea7562637a21

  • SHA512

    e914061db4383ca435323fbce02b923ba23b0f23cf1593c020331097fa73bd8d1a948971cdb29595a14be85f97848257902e721cc9a153d9b8c516d44d417298

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhZXd2:hDXWipuE+K3/SSHgx3N2

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\089db6727582e6e158b513367b561a46_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\089db6727582e6e158b513367b561a46_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1304
    • C:\Users\Admin\AppData\Local\Temp\DEM1287.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM1287.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:3004
      • C:\Users\Admin\AppData\Local\Temp\DEM6825.exe
        "C:\Users\Admin\AppData\Local\Temp\DEM6825.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1208
        • C:\Users\Admin\AppData\Local\Temp\DEMBD95.exe
          "C:\Users\Admin\AppData\Local\Temp\DEMBD95.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2580
          • C:\Users\Admin\AppData\Local\Temp\DEM1314.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM1314.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of WriteProcessMemory
            PID:316
            • C:\Users\Admin\AppData\Local\Temp\DEM6893.exe
              "C:\Users\Admin\AppData\Local\Temp\DEM6893.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of WriteProcessMemory
              PID:2456
              • C:\Users\Admin\AppData\Local\Temp\DEMBE21.exe
                "C:\Users\Admin\AppData\Local\Temp\DEMBE21.exe"
                7⤵
                • Executes dropped EXE
                PID:2464
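The process tree above is a seven-deep chain in which every stage runs from the user's Temp directory and spawns the next stage, which is itself a dropped executable. The following Python is an added example, not part of the Triage report: it reconstructs that chain from process-creation events and flags Temp-to-Temp execution chains of a configurable minimum depth. The events are constructed from the PIDs and image paths shown in the tree; the explorer.exe parent with PID 1000 is an assumption, since the report does not show what launched the initial sample.

```python
import re
from typing import Dict, List

# Process-creation events in a reduced Sysmon Event ID 1 shape. PIDs and image
# paths are taken from the Triage process tree above; the explorer.exe parent
# (PID 1000) is constructed, since the report does not show what launched the
# initial sample.
TEMP = r"C:\Users\Admin\AppData\Local\Temp"
EVENTS: List[Dict] = [
    {"pid": 1000, "ppid": 4,    "image": r"C:\Windows\explorer.exe"},   # constructed
    {"pid": 1304, "ppid": 1000, "image": TEMP + r"\089db6727582e6e158b513367b561a46_JaffaCakes118.exe"},
    {"pid": 3004, "ppid": 1304, "image": TEMP + r"\DEM1287.exe"},
    {"pid": 1208, "ppid": 3004, "image": TEMP + r"\DEM6825.exe"},
    {"pid": 2580, "ppid": 1208, "image": TEMP + r"\DEMBD95.exe"},
    {"pid": 316,  "ppid": 2580, "image": TEMP + r"\DEM1314.exe"},
    {"pid": 2456, "ppid": 316,  "image": TEMP + r"\DEM6893.exe"},
    {"pid": 2464, "ppid": 2456, "image": TEMP + r"\DEMBE21.exe"},
]

# Any user's %LOCALAPPDATA%\Temp, case-insensitive, so the rule is not tied to "Admin".
USER_TEMP_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.IGNORECASE)


def in_user_temp(image: str) -> bool:
    return USER_TEMP_RE.match(image) is not None


def temp_chain(pid: int, by_pid: Dict[int, Dict]) -> List[Dict]:
    """Walk from pid up through its parents while each image lives in a user
    Temp directory. Returns the chain with the oldest ancestor first. The
    `seen` set stops the walk if PID reuse has produced a cycle."""
    chain, seen = [], set()
    cur = by_pid.get(pid)
    while cur is not None and cur["pid"] not in seen and in_user_temp(cur["image"]):
        seen.add(cur["pid"])
        chain.append(cur)
        cur = by_pid.get(cur["ppid"])
    chain.reverse()
    return chain


def find_temp_execution_chains(events: List[Dict], min_depth: int = 3) -> List[List[int]]:
    """Return each maximal Temp -> Temp -> ... execution chain of at least
    min_depth processes, as a list of PIDs (root first). Walks start only at
    leaves (Temp-resident processes with no Temp-resident child) so a chain is
    reported once rather than once per stage."""
    by_pid = {e["pid"]: e for e in events}
    parents_of_temp = {e["ppid"] for e in events if in_user_temp(e["image"])}
    chains = []
    for e in events:
        if in_user_temp(e["image"]) and e["pid"] not in parents_of_temp:
            chain = temp_chain(e["pid"], by_pid)
            if len(chain) >= min_depth:
                chains.append([c["pid"] for c in chain])
    return chains


if __name__ == "__main__":
    for chain in find_temp_execution_chains(EVENTS):
        print(f"{len(chain)}-stage Temp execution chain: {' -> '.join(map(str, chain))}")
```

On real telemetry, key the tree by Sysmon's ProcessGuid (or an equivalent unique process identifier) rather than by PID, and bound the query to a single boot session: Windows reuses PIDs, and a reused PID can splice two unrelated processes into one apparent chain. A single installer that unpacks to Temp and runs one helper will produce a two-stage chain, which is why the threshold defaults to three.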

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM6825.exe

    Filesize

    14KB

    MD5

    188a30e87a30cde0637023c501adfa92

    SHA1

    d4bec1391379612b41eb116bd998d557681d024e

    SHA256

    0b44ae9b1b7d2bc8b170fec865fd3361836301bf3a3110a837c975e55efab490

    SHA512

    224c9c73106dad3cdb8a271b149744705d5a743c20af0dd15cbcd5b79e100fb2e632788128b06b622b2f1ee35733a4b81dc812ab081b7cf34e308f6cf807d609

  • C:\Users\Admin\AppData\Local\Temp\DEMBE21.exe

    Filesize

    14KB

    MD5

    9bc9acc5d3298eda79f2696108c800a3

    SHA1

    f271533f8277d7f347b240ee9e42a695b76bfdcc

    SHA256

    4d3fdef9ff58c559be94ceb4e2a8b6b51f12a1e2a43f23ec5c019350c13f98d2

    SHA512

    cf1e738175b1027f3f2b2e84aa7467e722c5407a0d0885fc3df19335bbac159a4af07324c78fa6cd9eb1cc07424a7338cdfda421eabb53b62f02418ab8c227bf

  • \Users\Admin\AppData\Local\Temp\DEM1287.exe

    Filesize

    14KB

    MD5

    763a435a8cf49a449670df4cd12f05f5

    SHA1

    297d1709857173e98bcd509440ffcd811c026fd7

    SHA256

    8a4c75cc0424469ca5db31e6f2e6c5ccfb9bc6596c91258fb2e2abf32ec0f758

    SHA512

    8b0693e0100c3904ec0a22a6ebbd88545953cca5578536f9f32a9bb2966547faf9f885580cb6c33c7e348dfdb239949597594c98fb499c196d421481ba993f1a

  • \Users\Admin\AppData\Local\Temp\DEM1314.exe

    Filesize

    14KB

    MD5

    ed1c61816fa8f943debfe93880777d36

    SHA1

    1e967f378cac044ebff554d12518f850aad90512

    SHA256

    b432f0ad3f7003cbc653727d6d5cea349679963a2d789679689d9dee9e3ba921

    SHA512

    91e108d61c8db70744a997406161ca56eed2636d343a63f724fd98871319d637aaf6334ce178c1874dc007166addfdf8730b1e906f5e8dbc1df5c96369638003

  • \Users\Admin\AppData\Local\Temp\DEM6893.exe

    Filesize

    14KB

    MD5

    38c36a84649760f0dd612c4358e6d2ce

    SHA1

    efe495e15458b4d1455a52cbf494d21025da67e7

    SHA256

    6fb6bf58e9edcf1875b92db937d56360657bb5d85500dacd5f3f5b9a74848913

    SHA512

    7c5f89d03d3baa0a7041d9a1d10f53c2c6b5e49246e8851f8e7610a2b361da0418308d1e2423ad87aca47faf3dca6c35f8732f334050f47e71e4ee0a4fc290bb

  • \Users\Admin\AppData\Local\Temp\DEMBD95.exe

    Filesize

    14KB

    MD5

    f805359326ffdfe9d7f5085142ffd902

    SHA1

    48626c2317132ddcb8c3d24358f5bde0fcc7037a

    SHA256

    004536b44b56af65d6fa2c0d5cf8fc48e144077dfe1af619ab3c291a737af2c9

    SHA512

    681931653ab8a769ce7b2f9a6426b586aa5d01524069e42e6b975be3efbdcb9fae72d18335a0191853b95378342fdd122f53790ffe6e9e6fe6d7bbc7656ce6cf
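Six dropped stages of the same reported size carry six distinct digests, so size alone cannot identify a stage; the Downloads section is only useful as a blocklist or as a way to confirm recovered samples if the digests are well-formed and matching is done on SHA-256. The following Python is an added example, not part of the report: it carries the MD5 and SHA-256 values listed above (plus the initial sample's from the General section), validates their format before they are loaded anywhere, hashes bytes or files, and maps a sample to the file name the report gives it. The MD5 cross-check that raises on a half-match is this example's own design choice.

```python
import hashlib
from typing import Dict, Optional

# Digests copied from the General and Downloads sections of the report above,
# keyed by the file name the report gives each stage. MD5 is kept only to
# cross-check feeds that still publish it; matching is done on SHA-256.
REPORT_IOCS: Dict[str, Dict[str, str]] = {
    "089db6727582e6e158b513367b561a46_JaffaCakes118.exe": {
        "md5": "089db6727582e6e158b513367b561a46",
        "sha256": "675df4e95365007f3f3da8fd28b1e6687cfd513217718b01b8f0ea7562637a21"},
    "DEM1287.exe": {"md5": "763a435a8cf49a449670df4cd12f05f5",
                    "sha256": "8a4c75cc0424469ca5db31e6f2e6c5ccfb9bc6596c91258fb2e2abf32ec0f758"},
    "DEM6825.exe": {"md5": "188a30e87a30cde0637023c501adfa92",
                    "sha256": "0b44ae9b1b7d2bc8b170fec865fd3361836301bf3a3110a837c975e55efab490"},
    "DEMBD95.exe": {"md5": "f805359326ffdfe9d7f5085142ffd902",
                    "sha256": "004536b44b56af65d6fa2c0d5cf8fc48e144077dfe1af619ab3c291a737af2c9"},
    "DEM1314.exe": {"md5": "ed1c61816fa8f943debfe93880777d36",
                    "sha256": "b432f0ad3f7003cbc653727d6d5cea349679963a2d789679689d9dee9e3ba921"},
    "DEM6893.exe": {"md5": "38c36a84649760f0dd612c4358e6d2ce",
                    "sha256": "6fb6bf58e9edcf1875b92db937d56360657bb5d85500dacd5f3f5b9a74848913"},
    "DEMBE21.exe": {"md5": "9bc9acc5d3298eda79f2696108c800a3",
                    "sha256": "4d3fdef9ff58c559be94ceb4e2a8b6b51f12a1e2a43f23ec5c019350c13f98d2"},
}

# Expected hex-digit count per algorithm; a wrong length almost always means
# a truncated copy from a report or a web page.
DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HEX = set("0123456789abcdef")


def validate_ioc_table(table: Dict[str, Dict[str, str]]):
    """Return (name, algo) pairs whose digest is not lowercase-safe hex of the
    right length, so damaged entries are caught before loading a blocklist."""
    bad = []
    for name, digests in table.items():
        for algo, value in digests.items():
            if len(value) != DIGEST_LEN[algo] or not set(value.lower()) <= HEX:
                bad.append((name, algo))
    return bad


def digest_bytes(data: bytes, algorithms=("md5", "sha1", "sha256", "sha512")) -> Dict[str, str]:
    return {a: hashlib.new(a, data).hexdigest() for a in algorithms}


def digest_file(path: str, chunk_size: int = 1 << 16) -> Dict[str, str]:
    """Stream a file once and compute all four digests the report lists."""
    hashers = {a: hashlib.new(a) for a in DIGEST_LEN}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def match_against_report(digests: Dict[str, str], table=REPORT_IOCS) -> Optional[str]:
    """Return the report file name whose SHA-256 equals the sample's, or None.
    If only the MD5 agrees, raise: that is a damaged table or an MD5 collision,
    and either deserves a look rather than a silent non-match."""
    sha256 = digests["sha256"].lower()
    for name, ioc in table.items():
        if sha256 == ioc["sha256"]:
            return name
    md5 = digests.get("md5", "").lower()
    for name, ioc in table.items():
        if md5 == ioc["md5"]:
            raise ValueError(f"MD5 matches {name} but SHA-256 does not; verify the IOC table")
    return None


if __name__ == "__main__":
    import sys
    print("table problems:", validate_ioc_table(REPORT_IOCS) or "none")
    for path in sys.argv[1:]:
        print(path, "->", match_against_report(digest_file(path)))
```

Run it with recovered files as arguments; a sample that matches is reported under the name the sandbox gave it, which is how the stage order in the process tree can be tied back to files pulled from a host.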