Analysis

  • max time kernel
    131s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/07/2024, 04:42

General

  • Target

    37bc1ced5a42019420b7c9688785457c_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    37bc1ced5a42019420b7c9688785457c

  • SHA1

    df03f5f489db503b2a87e9da2cb4e844a6f94ffa

  • SHA256

    52f996b3921589209fe2be0ee13e5b54823732bc18b03285e5eaf9b231e9f0d4

  • SHA512

    59aeff12f71227a384d778d9787878cbf6719e9d44b53956401cd9055b41b208cfa0c591b276b15789476a2debbe2a1346188da09271ac4394ed17352e626930

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhT:hDXWipuE+K3/SSHgx5

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\37bc1ced5a42019420b7c9688785457c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\37bc1ced5a42019420b7c9688785457c_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2552
    • C:\Users\Admin\AppData\Local\Temp\DEMD21E.exe
      "C:\Users\Admin\AppData\Local\Temp\DEMD21E.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2412
      • C:\Users\Admin\AppData\Local\Temp\DEM275E.exe
        "C:\Users\Admin\AppData\Local\Temp\DEM275E.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2620
        • C:\Users\Admin\AppData\Local\Temp\DEM7CFD.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM7CFD.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2608
          • C:\Users\Admin\AppData\Local\Temp\DEMD27C.exe
            "C:\Users\Admin\AppData\Local\Temp\DEMD27C.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of WriteProcessMemory
            PID:1544
            • C:\Users\Admin\AppData\Local\Temp\DEM27EB.exe
              "C:\Users\Admin\AppData\Local\Temp\DEM27EB.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of WriteProcessMemory
              PID:1812
              • C:\Users\Admin\AppData\Local\Temp\DEM7D4B.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM7D4B.exe"
                7⤵
                • Executes dropped EXE
                PID:2844
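The tree above is a seven-stage dropper chain: every process runs from the user's %TEMP% directory, every stage is a 14KB executable, and each one writes and launches the next. The following is an added detection example, not part of the tria.ge report or the sample. It runs over Sysmon-style process-creation records constructed here from the report's image paths and PIDs; the parent PIDs are inferred from the nesting of the tree (the report does not print them) and the benign explorer/notepad/installer records are invented noise to show what does not fire. It flags any chain of three or more processes in which a %TEMP% executable is spawned by a %TEMP% executable, which the usual two-level "installer extracts a stub to %TEMP% and runs it" pattern does not reach.

```python
"""Flag nested %TEMP%-to-%TEMP% process chains in process-creation telemetry.

Added example for this report; the events below are constructed, with parent
PIDs assumed from the report's tree nesting and the non-Temp processes invented.
"""
import re
from dataclasses import dataclass

# Matches an image path under any user's AppData\Local\Temp (case-insensitive).
TEMP_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.IGNORECASE)


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str


# Constructed from the report's process tree; parent PIDs and the explorer/
# notepad/setup_tool/msiexec records are assumptions, not report data.
SAMPLE_EVENTS = [
    ProcEvent(1200, 800, r"C:\Windows\explorer.exe"),
    ProcEvent(2552, 1200, r"C:\Users\Admin\AppData\Local\Temp\37bc1ced5a42019420b7c9688785457c_JaffaCakes118.exe"),
    ProcEvent(2412, 2552, r"C:\Users\Admin\AppData\Local\Temp\DEMD21E.exe"),
    ProcEvent(2620, 2412, r"C:\Users\Admin\AppData\Local\Temp\DEM275E.exe"),
    ProcEvent(2608, 2620, r"C:\Users\Admin\AppData\Local\Temp\DEM7CFD.exe"),
    ProcEvent(1544, 2608, r"C:\Users\Admin\AppData\Local\Temp\DEMD27C.exe"),
    ProcEvent(1812, 1544, r"C:\Users\Admin\AppData\Local\Temp\DEM27EB.exe"),
    ProcEvent(2844, 1812, r"C:\Users\Admin\AppData\Local\Temp\DEM7D4B.exe"),
    # Benign noise: explorer starts notepad; a Temp installer hands off to msiexec.
    ProcEvent(3001, 1200, r"C:\Windows\System32\notepad.exe"),
    ProcEvent(3100, 1200, r"C:\Users\Admin\AppData\Local\Temp\setup_tool.exe"),
    ProcEvent(3101, 3100, r"C:\Windows\System32\msiexec.exe"),
]


def is_temp_image(path: str) -> bool:
    """True if the executable image lives under a user's %TEMP% directory."""
    return bool(TEMP_RE.match(path))


def temp_chains(events, min_depth: int = 3):
    """Return every maximal chain (list of ProcEvent, parent first) of length
    >= min_depth in which each process runs from %TEMP% and is the parent of
    the next. Chains are rooted at a %TEMP% process whose own parent is not a
    %TEMP% process, so each dropper lineage is reported once."""
    by_pid = {e.pid: e for e in events}
    children = {}
    for e in events:
        children.setdefault(e.ppid, []).append(e)

    def parent_is_temp(e):
        parent = by_pid.get(e.ppid)
        return parent is not None and is_temp_image(parent.image)

    roots = [e for e in events if is_temp_image(e.image) and not parent_is_temp(e)]
    chains = []

    def walk(chain):
        nxt = [c for c in children.get(chain[-1].pid, []) if is_temp_image(c.image)]
        if not nxt:
            if len(chain) >= min_depth:
                chains.append(chain)
            return
        for c in nxt:
            walk(chain + [c])

    for r in roots:
        walk([r])
    return chains


def describe(chain) -> str:
    """One-line summary of a chain: depth and PID lineage."""
    return f"depth={len(chain)} pids=" + "->".join(str(e.pid) for e in chain)


if __name__ == "__main__":
    for chain in temp_chains(SAMPLE_EVENTS):
        print(describe(chain))
        for e in chain:
            print("   ", e.pid, e.image)
```

On the constructed input only the report's lineage is reported (depth 7, PIDs 2552 through 2844); the two-process installer chain and the notepad launch are below the threshold. In production telemetry the same logic applies to Sysmon Event ID 1 or Windows Security 4688 records, where the parent PID is a real field rather than an inference.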

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM275E.exe

    Filesize

    14KB

    MD5

    490f8dfa332745d1dfb7367e5cf46b91

    SHA1

    dd634b7052e8758d2d87d98639a89163d4b15330

    SHA256

    6a1f9eda5330fdf03cc6014040ca7dac191fce781e806b3df610990091b5ec58

    SHA512

    994d5b6c518b4def7047db24ff158de470147dc4f83d423792adeaef0724d4f0384c42a794e654365179be55ed6f36be65ca67e0a4a6b067cfd17e22ee464456

  • \Users\Admin\AppData\Local\Temp\DEM27EB.exe

    Filesize

    14KB

    MD5

    00c5c0d10c4b0509a56b5a93c2e85aec

    SHA1

    3f3bc0b36369118d3fd2c7c9f6352aff091035da

    SHA256

    a36a1fed2906a28752af4243d4c24d9ff342d37401f7d045cd385bd2a146281d

    SHA512

    c28012ec06dcc8632df143d3f8d24c271d593a636b03bbd510cb95b107b80c4b15dadc00b122d2123a5a0cfa450f9b8ce8a09b19204d08a8b069c046c7bbf965

  • \Users\Admin\AppData\Local\Temp\DEM7CFD.exe

    Filesize

    14KB

    MD5

    eab4084d1ac37f57b327accd7cb2de99

    SHA1

    3b6e4e49b828232324ec8bf8abb49f714655747b

    SHA256

    af67e585404fda199d1322b4fb02cb5c7e1779d848cd90f257e64f542bf5c411

    SHA512

    2c6c08da3062c3a60f868da8106ddf99efc9847029934121fcadc6b483baad1637d74de4bd32f8fc8048d5bd8d68b3aa98dfaba813eca80339cfd2175eae37b8

  • \Users\Admin\AppData\Local\Temp\DEM7D4B.exe

    Filesize

    14KB

    MD5

    3802530792578a361f23dfee6ddfb5e0

    SHA1

    a4e29965306c723b7f9b37f402395da984e1fad7

    SHA256

    358d221f0b52c6cbcdbb3fd14381560be2ff1d279b30d23daaefdc6a9f70fa88

    SHA512

    961c9603fd865256c1d14e434f45f8503d86513559776196f55fd418dabc4701c3fc9d5d281ed478d7868f8a6172d574f2951cc398783741e96972831b8489be

  • \Users\Admin\AppData\Local\Temp\DEMD21E.exe

    Filesize

    14KB

    MD5

    ede286f4f789c44aef56a9793cf999d2

    SHA1

    16310e6c6bf438cb6dbd3d81ac059b892b696e9e

    SHA256

    9d5d5ac9c3c183c85c48864784df203d63c0d7c6affdd4ded398f67a62c3760f

    SHA512

    63d368b011f6ca8ecf8e5db3fee5e50947cf293aedda3f3460263e5518543a71b636a184814c6ffa568b60dbc66d4d176d58f9cfea1cb8f1ba1ac402aebb4750

  • \Users\Admin\AppData\Local\Temp\DEMD27C.exe

    Filesize

    14KB

    MD5

    81d48e445443d9c104a29b3984ba86e8

    SHA1

    5b42df772cf8e88482455a9879c243e45455c0ca

    SHA256

    24cecec572ec77efeb23f02bc9f2ef15d1d1e9d522a86d93c291cfcf5fba4cd4

    SHA512

    50da6e3478eb68e21441133b91b46fd8bcc1db90ff1eda9a60c55d465869b1ea94ec40e8ad0827434de8245597d9bd32a2b9c87b715dc5ff8859d1c207910225