Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/10/2024, 12:28

General

  • Target

    0aa9a6d929cb60fa85f5542d3e737a18_JaffaCakes118.exe

  • Size

    1.4MB

  • MD5

    0aa9a6d929cb60fa85f5542d3e737a18

  • SHA1

    0d709241a7182d93f5d3dd1b0b265e01a6dc45bb

  • SHA256

    ecb796e74a8974001a3bb55512be88dc22ed959bee66af5de984c4d6f1958d55

  • SHA512

    685de6249781c0c2f9d5c318e9c6a1fda65ce73f141079a4636ded47d39a2b5f07df274260fe3125300e36b8d80da0ad5e0ef9c0941c6fb963f552ad139f34c8

  • SSDEEP

    24576:6bfU+VvONDdmDyv8N+JXEZWNNhTUkCYr3JBMPuNV1seRlX0k/616zzyiMcdT51Y8:zuowDk8N+JrNnJJnsebA165z1Y8

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (6 IoCs)
  • Enumerates connected drives (3 TTPs, 21 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\0aa9a6d929cb60fa85f5542d3e737a18_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0aa9a6d929cb60fa85f5542d3e737a18_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Users\Admin\AppData\Local\Temp\0aa9a6d929cb60fa85f5542d3e737a18_JaffaCakes118-0698.exe
      "C:\Users\Admin\AppData\Local\Temp\0aa9a6d929cb60fa85f5542d3e737a18_JaffaCakes118-0698.exe" "C:\Users\Admin\AppData\Local\Temp\0aa9a6d929cb60fa85f5542d3e737a18_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      PID:2744

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\0aa9a6d929cb60fa85f5542d3e737a18_JaffaCakes118-0698.exe

    Filesize

    222KB

    MD5

    5a8222c703b4a34f2227a652a49a2827

    SHA1

    ba8b1c8f341219d608a0a5a2a2c8d63c19697d05

    SHA256

    17936188efac05a0ef9fd87a79b268445ce307dd37a6f9206d116f195ab049c9

    SHA512

    7b1c200cf96ebb5b660fb11a85e3daf908a6e4d984c90207b5afa2444703fc784897160cf05a4bc592ecd908bf09f8dbd9195a4c0c07f1caef04bbd7c6624d9d

  • \Users\Admin\AppData\Local\Temp\2F3ECDA8\_Setup.dll

    Filesize

    519KB

    MD5

    849f98092dfabece6abeb4e21a519a83

    SHA1

    3044103e549dcb8ba22c7f1daf6e0bf1012eb444

    SHA256

    006d762b6b1921dccf11ff5a9c47e78dff87d69e984423fdef801a8c1cf5cdfc

    SHA512

    e306b68d7fd03258dbbbb0874702ac43ee18538ea3848bf4125e24dce9b834afac90b9d1eb29f20a05a7eb0735d25001e8cedde5dd90aa234e1682e774d2e38c

  • \Users\Admin\AppData\Local\Temp\2F3ECDA8\_Setupx.dll

    Filesize

    426KB

    MD5

    ae5f4292bd15228853f65a1004517adc

    SHA1

    410b32fd3fe4642644ad91ac60c69b86ec2762dd

    SHA256

    1493ddd89d403820da52440647a41f9f9579e8cb806e679a294a2638295962ba

    SHA512

    a89688f8e56b158be817444c8ccec0aad98eb141ec19574998fe5752410b9131bade826a238a6c323c0ff0e25e2c06547c238344fdcb3a210ed36dc332320ce3