Analysis

  • max time kernel
    131s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/07/2024, 10:37

General

  • Target
    3d074426b1e62deb53df423539bfb19e_JaffaCakes118.exe
  • Size
    14KB
  • MD5
    3d074426b1e62deb53df423539bfb19e
  • SHA1
    a789216a0888725858b04398ce5057669270816a
  • SHA256
    7d7c0024d937fd9b3150ffb61116b3c1dfcd55a4835e40beff216bb4e134584f
  • SHA512
    419c49ad0af62ee6265888b7494c3e9b0a355919ccf48d83f515f385d7b4cf8d248b5ea7a0d4f83088cc4819d6ad67e91c20895d0fed6c231c183ff19e409517
  • SSDEEP
    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhvGg:hDXWipuE+K3/SSHgxlGg

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (6 IoCs)
  • Loads dropped DLL (6 IoCs)
  • Enumerates physical storage devices (1 TTPs)
    Attempts to interact with connected storage/optical drive(s).
  • Suspicious use of WriteProcessMemory (24 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d074426b1e62deb53df423539bfb19e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3d074426b1e62deb53df423539bfb19e_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2076
    • C:\Users\Admin\AppData\Local\Temp\DEMB4DE.exe
      "C:\Users\Admin\AppData\Local\Temp\DEMB4DE.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2268
      • C:\Users\Admin\AppData\Local\Temp\DEMA4D.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMA4D.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2916
        • C:\Users\Admin\AppData\Local\Temp\DEM5F7E.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM5F7E.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2684
          • C:\Users\Admin\AppData\Local\Temp\DEMB4DF.exe
            "C:\Users\Admin\AppData\Local\Temp\DEMB4DF.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of WriteProcessMemory
            PID:1676
            • C:\Users\Admin\AppData\Local\Temp\DEMA1E.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMA1E.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of WriteProcessMemory
              PID:2016
              • C:\Users\Admin\AppData\Local\Temp\DEM5FCC.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM5FCC.exe"
                7⤵
                • Executes dropped EXE
                PID:2644

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEMA4D.exe
    Filesize: 14KB
    MD5: 5e0e853a785256fdc5b2c601d3737daa
    SHA1: 8901f64d123418a694c81ea97fea5f546c123615
    SHA256: e12832b347bbd21fe11750ae13d21003c6396b81f200ff7e2b44639e70281160
    SHA512: 726abaf60a0312a296f151c38dc805a078b09f0d85073141526f368492588ec5bafd392312b1ebfbc636b46c60d1bbf88ced2d7edbae9256588b97d9526cf121

  • C:\Users\Admin\AppData\Local\Temp\DEMB4DE.exe
    Filesize: 14KB
    MD5: fe1c44a75086342295b8232c26857e57
    SHA1: c5f632c27f0639efee5216c3fd57d87812de691f
    SHA256: 2d0078b09681ef4fa1386ae7409caf3da7edc140b0b43f0a54198a62c343449e
    SHA512: 47f85800fe74c576ee29fd84adac43291608c2f9d197767d48caf39e591c056a98be44b84925cdb47e826bec854fd9140ee437ff2b6be9a7aaf76e6b7fcf70c5

  • \Users\Admin\AppData\Local\Temp\DEM5F7E.exe
    Filesize: 14KB
    MD5: 44b5cc6a16c6df28e57a4cfe0d1be143
    SHA1: d745a252ff4247f27833f04f0eaaac8f4e28aa87
    SHA256: 4363256d7334722ba25620cdfed3ee4a799f07d9447ff5f634d39220317b09b4
    SHA512: 053e17919e46ec25ecd1381bb7cf5e0872db1670d44dfdcdbffa9652ab03a0898d0f9c9e4420b1613bddafe8175bb7fbb87216cb25a3238fc9b782407705f198

  • \Users\Admin\AppData\Local\Temp\DEM5FCC.exe
    Filesize: 14KB
    MD5: 8f9985feaf4cb60cdc42034165db5294
    SHA1: b37b8c43c47e0349fb6f3434f202070b4463a285
    SHA256: 9e98c596dcec76cf564782e19b8d27a0f46ddc7b9d669940eca98066e41177a5
    SHA512: 53a78456f264d296ed5d6cc6169a74c38f10f3409926fdd6e60da5395c9f2ff25814482ac728e3e13d04c488efd693afa5261f0fe0c69dc30cbd6045c0da077a

  • \Users\Admin\AppData\Local\Temp\DEMA1E.exe
    Filesize: 14KB
    MD5: 9b8c36ad42aacbc6ec285f43f4dddda8
    SHA1: 8d8ea839d1951f60700e098d6b04d1a6d9e9617d
    SHA256: dc9a32196de499ac93b7ad8b62733a802a3ba7275b711e809390da0362b19b4d
    SHA512: 093f9dcfd7a39a9594414e3c7192d82bdd19fbd689e370ded126b7384735f4b3b57789709a3936118d44f4bfb0372edbc166312173984d38cd149e18e8d86644

  • \Users\Admin\AppData\Local\Temp\DEMB4DF.exe
    Filesize: 14KB
    MD5: eb1dc009754010c672d41be94411be8a
    SHA1: 657b75c025f06e47eed057201a3b7407c7f06aad
    SHA256: 74e25ecb1c00e0ebc9da197eb231cb80907b21375f99378a1168680bdce82b5e
    SHA512: ab841e76bec063f43b0746e5bc076c71be3daf42dc277b04d84e56c1681397b20ed4e1e2804d5f28c00d0f370fc5d8d88c0191ce02a2460069779a766846926d