Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

023784baa5...18.exe

windows7-x64

7

023784baa5...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    132s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/09/2024, 16:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    023784baa5a1fb0ba65177ce08d80492_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    023784baa5a1fb0ba65177ce08d80492

  • SHA1

    b200b7e6f150eb6659aedaabd449030e6fe101f4

  • SHA256

    191f696f3aa5e6222a4c40b8f7ed49b8a4f7a1b4101973e81e2b98fcd9247845

  • SHA512

    60a0308133cb27895df67324a01208ed43e4c036b22fa86c1733fd8bba99f8ab280cc3d64b8cd27dd1f60815e2b3becd4d6068d28dd216fba1ba37515ff42d2a

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhJP:hDXWipuE+K3/SSHgx3P

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\023784baa5a1fb0ba65177ce08d80492_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\023784baa5a1fb0ba65177ce08d80492_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:212
    • C:\Users\Admin\AppData\Local\Temp\DEM8DA9.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM8DA9.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4468
      • C:\Users\Admin\AppData\Local\Temp\DEME3E8.exe
        "C:\Users\Admin\AppData\Local\Temp\DEME3E8.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2012
        • C:\Users\Admin\AppData\Local\Temp\DEM3A83.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM3A83.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4492
          • C:\Users\Admin\AppData\Local\Temp\DEM90C2.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM90C2.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:4892
            • C:\Users\Admin\AppData\Local\Temp\DEME72F.exe
              "C:\Users\Admin\AppData\Local\Temp\DEME72F.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:1564
              • C:\Users\Admin\AppData\Local\Temp\DEM3D1F.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM3D1F.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:3624

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM3A83.exe
    Filesize

    14KB

    MD5

    6b7cc18115c472d63c83156b9f6643a9

    SHA1

    05cf97fc6e8dbdd65f7979ff496ecd770a268537

    SHA256

    57e26889fc6dff34337c827052c2fc5123e9600f87078688e952f90489a9c24f

    SHA512

    ba3edb94e0fa7c345fedecf35d8c6fc4e8e80d21df15639f4d1ae87bd950527fd7ef2a55fbcda1d2706f8fc2bdacbcf021e5389cf11a09a2a79881e67cd7972d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM3D1F.exe
    Filesize

    14KB

    MD5

    b61a738657ae6c0a0d36a33cc2904611

    SHA1

    668732cf1b14e8b75c6d1ea70fa88bd917b70d32

    SHA256

    14b2e582908773e1264ccc97ed6f1dfcf69e2b4486dfa910598f271feea2fa68

    SHA512

    c7f789cb52350f12ac8bf4ee95cd48155fa4774d7c4c90db6e7afb6b16c71a803cae2a1def268618ebc834218eb13c93e81c06511641195578500ee4f7e1e54b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM8DA9.exe
    Filesize

    14KB

    MD5

    6f21b0ee8a4d2ca014d96deedc6d17b1

    SHA1

    2817d2b4a1a8bbcb39d920990e2227d108d2b786

    SHA256

    9c5b9201827f2a18b56283db57bb24eb8639c05fcf7578538114727093355929

    SHA512

    1334734e06e6080b8457ae132324e494a5758f22124cf62be785c34692f5c310a741009e05ce2474d9b613179989dce3d6ba6deb96c50615de3682c8f5e10ba3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM90C2.exe
    Filesize

    14KB

    MD5

    015f2dc68edbec62cb42b32e7075956b

    SHA1

    9949e2729584cdb4d7773e0240445106223905ec

    SHA256

    aceeb84acd93e7dc23c70ed24c35aa276bd59586e78024b36f8432cdfe6f678f

    SHA512

    bcbc6abee8b66842b0f05aa0c018118dec19a5af2b2990a730de812d62564a0173ff1eda188af2e94ac2a79f7785809311e7a3f402dffdbafb850806e76a404d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEME3E8.exe
    Filesize

    14KB

    MD5

    3fbf72db3019439dd9a481132e1d7609

    SHA1

    6489102f54573287e5d00a0ec2cdcea805c71b17

    SHA256

    3e955c99a8e3dfbd2206994d3c001670e17aee7d2911e6784e5e68b373358cda

    SHA512

    6456381e2eb7a7f9b40da66feb2ec2ec31cb5ca711bd3f370e9bc4c8230a176b39363fac398bf6774d1598922ef401048f79b9b5922627dd47d44cd92775d9c9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEME72F.exe
    Filesize

    14KB

    MD5

    cbea1dfc085d620f93858b20ebbfa126

    SHA1

    f1b2c501bcccdad23881799d42a4b027da1b9e66

    SHA256

    e7208e8ae6ba081b2cc54d6492d6a15b64b93dc379c20404e63b6e7d9412faea

    SHA512

    a864a52d73ca150f22be1ba74f930f3752cfafc75c95d291e91fcabbe4d644f4685a6a1474a764b5b3902f275a8e4500c47166ae1bd5ed25e8acc2cf752089ae

    Download Submit