Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0f1f1ce43d...18.exe

windows7-x64

7

0f1f1ce43d...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/10/2024, 14:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0f1f1ce43d059062ef8798bf6f7a0b27_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    0f1f1ce43d059062ef8798bf6f7a0b27

  • SHA1

    8143ffb4c07c43eea42287dc39dcd65274fdc004

  • SHA256

    a34146e76587fd5f85fcd4a5285dc8fdb9eb647adee972ca2c40c5d4d8fa4b20

  • SHA512

    786a714b43f9010f2adf9aebdc0de61ed41c81b337ffa022884968d0c89d34680a466afcfec139f04d6e1d3ff0ca16fb43d30123657e40b9decca5f2ddf801d1

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhY48B:hDXWipuE+K3/SSHgxmF

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f1f1ce43d059062ef8798bf6f7a0b27_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0f1f1ce43d059062ef8798bf6f7a0b27_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Users\Admin\AppData\Local\Temp\DEM5F95.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM5F95.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2188
      • C:\Users\Admin\AppData\Local\Temp\DEMB892.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMB892.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1752
        • C:\Users\Admin\AppData\Local\Temp\DEMEB1.exe
          "C:\Users\Admin\AppData\Local\Temp\DEMEB1.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1360
          • C:\Users\Admin\AppData\Local\Temp\DEM6433.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM6433.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:5048
            • C:\Users\Admin\AppData\Local\Temp\DEMBAC0.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMBAC0.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:4776
              • C:\Users\Admin\AppData\Local\Temp\DEM111D.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM111D.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:2636

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM111D.exe
    Filesize

    14KB

    MD5

    6cd10cd06a6a54ff159ca64d6c00d7f1

    SHA1

    c1eb0df6745e0af42a1b4e770cc213ca84ca3bca

    SHA256

    5b4bdbb2289ed3954235fdd40f53dc47e46fab3203dc5b73ac732cd5fea005ef

    SHA512

    3ef97b301b2d249a67de2a9b6ee54ce28cb31a13f851ab222b169e0b4414b964c9a283257bd0c8e9a15e351a977dfdb3cb52a8cbee2d6597e18c9eff7e398295

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM5F95.exe
    Filesize

    14KB

    MD5

    9f91ae6cbc004ccfc373679416cfcca4

    SHA1

    f915e9547296e5bbf85361b0f1730196df25e013

    SHA256

    a96414228091c7488e3339ad7ec9d92ce17a3732067a7cbc652a8aba9a9c8429

    SHA512

    7eb466594995b9694d8d7ecb4590199bf112243dfd624c596f8a233982a688cb31d724f535738bb45692848d688cb4606f9ebf750426c3fd472ee5951dd7abb2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM6433.exe
    Filesize

    14KB

    MD5

    dd9437e601365e10a334f128b1fdf6c7

    SHA1

    467a517c754942e5e2fd60ccd6d2b0cc379e0e17

    SHA256

    1a5a880a282ae7634497df8f16200fb4c33e871aeed51e730b60260a996c1fa9

    SHA512

    b74c03a6343a96737446ca8bd7abb891292d3a33d5776968186abbdf05077d8c35deeed2f15d3962fba78e21e07debd9124f374f30f6b01327f51e8a48d96b53

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMB892.exe
    Filesize

    14KB

    MD5

    a9148222d3a14e6909d5643b5b1d7525

    SHA1

    b405b710bf074ff79264ee8fab0176021f21a258

    SHA256

    dd0020fa9bbfa173b2e5bf0f7c188f1aa3275d72001e9e00c5fd2040f94c9aa6

    SHA512

    3a405547af564d82d5f935a668c3784e0917b49f2e1d1f544106efeb6dd613093389cd13142f488d71ea40a8eef9da68feada961421b51b446a4fd7c28b582f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMBAC0.exe
    Filesize

    14KB

    MD5

    245826dda0cae4873f210a8dcd082319

    SHA1

    4b3e459637b7bdd7564b8de10167f2736cd5ecf1

    SHA256

    a30bba438a864beb138b2e8ff3ab7597555721cbdafeaa70dfa4db76be405f27

    SHA512

    6be9fa0fd4def529cb48be3121b47dc25c192123c47c76b72e81b996222e02280ce8bb8a92c4725c5e74349a80775d7a2bee91314d3db19fb3d93a654a600e13

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMEB1.exe
    Filesize

    14KB

    MD5

    03e715138aa5162be1ceb073e780777d

    SHA1

    d3cf7be628b5e7d2693ab486718193e138d5ec6f

    SHA256

    c48b50aa28b9c8607eaba33b28a9c8ed2c0c718096fd3aea1d1453eec4405921

    SHA512

    d8a5d888639a1fdff14e1c783ef51235b36a44c06dd1cde35397c7d29744f178b919b01c8d9f02ceb49de33d58ee1bb4f9f681b4c76dda3c66d2a5b0489632ea

    Download Submit