Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

27a2895316...18.exe

windows7-x64

7

27a2895316...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    132s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/10/2024, 00:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    27a289531660a32c1cec535bee86e28d_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    27a289531660a32c1cec535bee86e28d

  • SHA1

    4abcbd17dfd0731031f31f40475dab345ff70b9c

  • SHA256

    122f58ee576e218087563b2e7010a2cb0324b1c9eb04946773f0e8c96f90fb45

  • SHA512

    47d08df47bd013a0074c8dd062c22145820bec02cdf47b37de237b4eb2c6c7306de96e66355afc4cf0a42e41232b2fa0dc1c46bacaef212787c030fabe9124b0

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4Yhv56:hDXWipuE+K3/SSHgxl56

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\27a289531660a32c1cec535bee86e28d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\27a289531660a32c1cec535bee86e28d_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1416
    • C:\Users\Admin\AppData\Local\Temp\DEMAC5D.exe
      "C:\Users\Admin\AppData\Local\Temp\DEMAC5D.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2316
      • C:\Users\Admin\AppData\Local\Temp\DEM318.exe
        "C:\Users\Admin\AppData\Local\Temp\DEM318.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:5056
        • C:\Users\Admin\AppData\Local\Temp\DEM5908.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM5908.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4472
          • C:\Users\Admin\AppData\Local\Temp\DEMAEC9.exe
            "C:\Users\Admin\AppData\Local\Temp\DEMAEC9.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:848
            • C:\Users\Admin\AppData\Local\Temp\DEM4F8.exe
              "C:\Users\Admin\AppData\Local\Temp\DEM4F8.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:4376
              • C:\Users\Admin\AppData\Local\Temp\DEM5AC8.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM5AC8.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:2168

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM318.exe
    Filesize

    14KB

    MD5

    c4e968fbc4c3630cb46808a1576f614f

    SHA1

    e5bcdb6cc544d7778aa8c6569c7788774057e314

    SHA256

    017bec0ceb1cd37710204c55a156c4d7d3a27ca44781827c76650e2d3b0724f4

    SHA512

    3f21495efd73d591c2739ba0a0d7df40089897d3567646196a9360e520be5015e23c582be4cf4368d7dc4fb438e090a43fc30fdb4eb22e378323e2901dfeb95e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM4F8.exe
    Filesize

    14KB

    MD5

    96d9471e4e479b2f8c2525913c8a81f9

    SHA1

    02dadb6afee555b886bfc0f3eee42989a55ae8e5

    SHA256

    7e8358a1bb0f9af751420b2e5840d69844d53cb81d140b1c63b471f231eb379a

    SHA512

    7a3fbbc484538f51fbe9b54382b2a68ef7195496588d813eba04f717baaaebdad9c56ea2139bb4cf46479490f3d2be618dc2d752cee9a22cc93e3bd1b19d954a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM5908.exe
    Filesize

    14KB

    MD5

    b7ae511c0502297b0d932ebce7de1108

    SHA1

    de97060cbd5d96eef3a053f4361f30142c17f5d1

    SHA256

    56427076fcee4a6be4ca41f92f06728b8ac829c06e709363ec9526d4656da590

    SHA512

    ca8b412f636b129a098c66aac62e0110ae9b0b30967ae0ba9d5b33317353dbea44794439bf3a69c5f1174cd469c3eadec9c3e613d9380882094c9edce83304e5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM5AC8.exe
    Filesize

    14KB

    MD5

    84a41ee79bb94269728a6631a70d7804

    SHA1

    34ecc0a0ec548f1f9a605c8d0c08c48edf693bb4

    SHA256

    334dd85859aeb4d9f2a00a55f9e4c8e89cedee4236710c7dc7ebb3b9e7d76017

    SHA512

    3fca138100e7736767978fc800cf10d14df77dd72b9adc6089d424625f56f4b54a077ea56daafa79f39e2ea5b009dddcbb63be6db4ae74be8e93d9d023d252c7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMAC5D.exe
    Filesize

    14KB

    MD5

    3a96ab5f1f299d4ec3bc13282295aa8b

    SHA1

    1e80000584686f379dc4d6eafd70b0dc0353c00c

    SHA256

    645b439ea359f714805848b26caf43725c9ddc3c18fd9b2ce717c703cbe4229d

    SHA512

    4577bcd1f1af12baef6f9123986fdb1a8861a64fce68c2a29ab2d66245b050b1bd50c6058cce886d792dc9400973b959cd17e6c6ebdef35b64da513bafc66cf5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMAEC9.exe
    Filesize

    14KB

    MD5

    4a8c65b731b99042708d2e32dce36780

    SHA1

    94097ca3dc9e613732b217b516c310edec68ee67

    SHA256

    450ddc752edf7700bf050ab215922af7f7c6150ec933a32877338520ae0562a1

    SHA512

    a3059c549be3bbadccc8e3efb0dee75c0e482e854fa9b7139c4ee2c2aab781e19fc66c88ff5322024ec1e19a63dd8f99d680622638f79cb6ce5afb92bbe7b3c3

    Download Submit