Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8b435334e1...18.exe

windows7-x64

7

8b435334e1...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/08/2024, 17:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8b435334e13e9a27dd172ef3c52f6c24_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    8b435334e13e9a27dd172ef3c52f6c24

  • SHA1

    20ccf41bd50dc86d6201ddbdc7f8371d537e8f1b

  • SHA256

    8c2f939e420cf3362e1105a36f9e5ef7ff17ef1fa6dc252a7284ddc07d5a8c21

  • SHA512

    b8b4c31e8546d1cd3d11575939684502271d196fadb819570eb8e3618308c543c92e7f0e2a0a88628c4531db5c42a1c65999cf7dea099ca6a778eed09e6cf183

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhS0:hDXWipuE+K3/SSHgx00

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8b435334e13e9a27dd172ef3c52f6c24_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8b435334e13e9a27dd172ef3c52f6c24_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4836
    • C:\Users\Admin\AppData\Local\Temp\DEM6F92.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM6F92.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:216
      • C:\Users\Admin\AppData\Local\Temp\DEMC64D.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMC64D.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2744
        • C:\Users\Admin\AppData\Local\Temp\DEM1C8C.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM1C8C.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3704
          • C:\Users\Admin\AppData\Local\Temp\DEM72D9.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM72D9.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:3912
            • C:\Users\Admin\AppData\Local\Temp\DEMC946.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMC946.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:668
              • C:\Users\Admin\AppData\Local\Temp\DEM1F84.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM1F84.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:3520

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM1C8C.exe
    Filesize

    14KB

    MD5

    2738257d9cd932d8755807856f15fe08

    SHA1

    523e7df4efcf9d43a0447b5361ffe8956e76ee4b

    SHA256

    cd1efc4e8f6f46b1d4a817501c737107c911083d02da7ea8b9f2f1ba0b01d3ed

    SHA512

    6a4df1c56708c9fb436128f93925ad9b09f1e340e0abf972e7f0d25f04bb948e66afc374d70e44b1b14748a9d4b6dd475e350871e02b46c744495bb1cc1d2a60

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM1F84.exe
    Filesize

    14KB

    MD5

    5df9d489d256e0a583c5b1970e2ab973

    SHA1

    29091b02aa26e72faa1987a0b1f5d49db0883cfd

    SHA256

    022716c92e2f997de44d13cbd8a26fc03e1ba89e6da7ea19eabc28f76a915137

    SHA512

    556faf3e53845053b6af2d197b9e30d66e9bf689bde4d2c5074ee3c6a1ddc978f9f0d1880be4298c7dbcbed734cc66a125c452ce4c7ab7fdabfdf537b71434f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM6F92.exe
    Filesize

    14KB

    MD5

    f8bbc1da3c64de6f36aa02f75e518b8b

    SHA1

    75741f471fe7f7b3100a642b56474922a9ca3961

    SHA256

    ecde1f11bdcd8206a64c274bf6c2adfd35785b02defff259bc11b9d84afde549

    SHA512

    288cbdd71d0ec85c452e5d40043835407daa8a6aadd462857a757e60bf3fcd1a00335532d6fc4a099a870ad6e80d07a717bd7640b04e8e1f02e58a413e370519

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM72D9.exe
    Filesize

    14KB

    MD5

    2302ef095b2c4c925cbe0b2c4d038ace

    SHA1

    523a2b13a88ef76fb8ff9695d960797bb7308360

    SHA256

    2200bc1c9b36c659f8f87d49cdf93343ae766ffaaf2b206855b76c4356ab44f6

    SHA512

    150032c53912ae047e083e15904fd43df27af4d3583c6f76b73e2effe138e5a2d84df41c510f43f7c011984602da52388570c621a518c13be34db6f6563f9def

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMC64D.exe
    Filesize

    14KB

    MD5

    c25818d509b1320ffa6dd7ae94d01123

    SHA1

    eac932469f9dcdbb5b117af5f67192270a8b3233

    SHA256

    b35b55e180aac55163e48d674ed12cc208ae088ea179e5aaf65f9a0ef6885204

    SHA512

    f3a607716b01d29e460ac4b2670863646201434fe6d2b5362b0f0fe020e5229b904c9e70198aeef509bc1f72871a1df5db6a541ef0f92dc53b33c5e44339ad82

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMC946.exe
    Filesize

    14KB

    MD5

    7550a629be7a5a9940109a870b6e6a95

    SHA1

    b46ee9319151b7fce732c55ffa0082fb8e5973a5

    SHA256

    1a34810fa71e7146892522bdd1b7eab5ad3e483454c84c0d5e635575ed76de00

    SHA512

    5ee239f8e5794bda69fafdd293ede2b75a69d9a722db237814056a6890a34e9e063ef3bd405d681454606ceeba57c500ae4aa4f55f7f331ec6f008e4de295eac

    Download Submit