Analysis

  • max time kernel
    131s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/07/2024, 13:54

General

  • Target

    41f409f7f853c198ee1a73acc64ca3e4_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    41f409f7f853c198ee1a73acc64ca3e4

  • SHA1

    f52355cd0479094c04cda4e06c4486b206ce4b5f

  • SHA256

    b2718d570befc61049085c53327d990f3b742b20f950f638e00cfc737ea7cb85

  • SHA512

    b3fc5c9349488302b0cd2ddc154128a9275703aa848c36aef593197214b67219b9b3e6e1c89ee7afe46f557d337a1e46b4a94b271f40eaf359176bf705ef4bec

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4Yho:hDXWipuE+K3/SSHgxW

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41f409f7f853c198ee1a73acc64ca3e4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\41f409f7f853c198ee1a73acc64ca3e4_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Users\Admin\AppData\Local\Temp\DEM9DB6.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM9DB6.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1388
      • C:\Users\Admin\AppData\Local\Temp\DEMF2D7.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMF2D7.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2636
        • C:\Users\Admin\AppData\Local\Temp\DEM47D9.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM47D9.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2836
          • C:\Users\Admin\AppData\Local\Temp\DEM9D0A.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM9D0A.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of WriteProcessMemory
            PID:1216
            • C:\Users\Admin\AppData\Local\Temp\DEMF23B.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMF23B.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of WriteProcessMemory
              PID:948
              • C:\Users\Admin\AppData\Local\Temp\DEM475D.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM475D.exe"
                7⤵
                • Executes dropped EXE
                PID:2560

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM47D9.exe

    Filesize

    14KB

    MD5

    3b3950705be31486c20aecac4b3d3fb8

    SHA1

    8efc02b5d58b047a824a04bd842470848a914427

    SHA256

    a5c9448bccea3292c1f28cd7dacaf897f76d1435cb2d455bf4636803f1b32376

    SHA512

    998dd41abc002c59b4d1020cc497cb786daa2582712bfd1f8552fdce66cb423abe1a9cfeedb2751e1a4b41c8a2f7c474e0767e687688f5bcd0f549534f8a6068

  • C:\Users\Admin\AppData\Local\Temp\DEM9D0A.exe

    Filesize

    14KB

    MD5

    482f54bbf5f60aa5211433fe0c74c2fe

    SHA1

    c125345fcb2ad1f5935e36e715a93b0952145887

    SHA256

    4d63e65791836dfe3bb3e0f35f396f106ab1e70db059dc6a5489f3ef4c9e964f

    SHA512

    f3a6f580ff544f9cc49ac40f5c4b69caabb3747258e217781cc126645ae405aad53fcafb0da3e12e0c26e070f40c7850a28463e0bf2885ba4f03528b0f954ef0

  • C:\Users\Admin\AppData\Local\Temp\DEMF23B.exe

    Filesize

    14KB

    MD5

    9b1813aa9b26a32b9f1658df56771641

    SHA1

    6baff2778cf07614bb9a9747cbb0ce6944ef2a1a

    SHA256

    9f8518a704407e779821652647503f8f8c11d68c6fe24fc2058856d3191b3df4

    SHA512

    a615fffcf3ba97c66c0fa42fda551373d0a2dd649587774103c8deaa0cbe261c9ae321a505d4beb925cc25799d52ac6556c3681a328824611461df24dfe968fd

  • C:\Users\Admin\AppData\Local\Temp\DEMF2D7.exe

    Filesize

    14KB

    MD5

    d36731e85bd44977ef2b44199c11c828

    SHA1

    8faa2c5a40aa87b048cf1901f3232d1c9e73598a

    SHA256

    fb314ce69832c384e6b642123e7783f9fc1937aef40863715795dd5289f8bea5

    SHA512

    63016e8a5976dd7a0d3682d0639973dc95d511b77874dc1fa034fa3d88c1755e693d15349eda96506b0c1440d9e023d33737151f61f8112e13439af1be7f9542

  • \Users\Admin\AppData\Local\Temp\DEM475D.exe

    Filesize

    14KB

    MD5

    aea85d77ec5a2bd679ac01f526d26db8

    SHA1

    5b6d5fcce2c3bd6f0f5edf14f6e02441a37a9da7

    SHA256

    a26ecea70b3a0171e6e6b273549187073c1b0e617ee93706e9d66ff3a44a79c1

    SHA512

    c823e2bd3e44c6be6352d016cd800f012d04c57e980c6022c8c55b8bf184565b9c4b281630344cafc3622a8bfdc64d78034744dfa1ef66c3dfec3d9b8487a0c0

  • \Users\Admin\AppData\Local\Temp\DEM9DB6.exe

    Filesize

    14KB

    MD5

    1374f7eac5a16a34068f72f00aa21d24

    SHA1

    b722e7d5eb53bba3916d76e0cc921d2bc3db11ff

    SHA256

    67576e2ecb3b24ec235efb016f983e85272580ce42b531490e6a71ad836d83c1

    SHA512

    e081c3e6e220dc3d2a43fd4cc8d3d6fdf6bfef8326a8fafe9bc640390a81be97033740e582b81b8a0022ee73e1a9c750d3a975edcce3dc00ba3a75e59580a802