Analysis

  • max time kernel
    133s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    09/10/2024, 02:51

General

  • Target

    29806262f2866ad3834e4d5856f4b198_JaffaCakes118.exe

  • Size

    15KB

  • MD5

    29806262f2866ad3834e4d5856f4b198

  • SHA1

    393940584268acc11b92498591b125ec5a3f39b5

  • SHA256

    cb0cb5250c490f9ef86765e509f7eed24e094bbccd7682290ee8ba216a293ec0

  • SHA512

    6fb6ccd48ae0588b048a7d4c7d2c591b4cbecf7448820681380b21802bd613423fa68ea21e97ba2cb88a59ff50cc13c5f192d2d8370fb7c003fa1ae4c145b2ef

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhYQMxA:hDXWipuE+K3/SSHgxmHa

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\29806262f2866ad3834e4d5856f4b198_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\29806262f2866ad3834e4d5856f4b198_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5028
    • C:\Users\Admin\AppData\Local\Temp\DEM809A.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM809A.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2912
      • C:\Users\Admin\AppData\Local\Temp\DEMD6F7.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMD6F7.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:436
        • C:\Users\Admin\AppData\Local\Temp\DEM2D45.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM2D45.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4836
          • C:\Users\Admin\AppData\Local\Temp\DEM82D7.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM82D7.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:5008
            • C:\Users\Admin\AppData\Local\Temp\DEMD8C7.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMD8C7.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:1680
              • C:\Users\Admin\AppData\Local\Temp\DEM2ED6.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM2ED6.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:3376

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM2D45.exe

    Filesize

    15KB

    MD5

    7f9026fceaee43db517e219b150b2671

    SHA1

    2148212de01fca95f34868471de09acc25f7c8ec

    SHA256

    55c9f1001796333ae9a395a956a82a06595f0e63f96f8235dc1129e498ac2887

    SHA512

    dd075b9ef4be856c6afcd1a15e9cd986ab1f8f21428da45fe20f8f2868bf24b07fe8392c81870f48a3dd99f944451d063becc0c33f4317d629b2fb7a97939372

  • C:\Users\Admin\AppData\Local\Temp\DEM2ED6.exe

    Filesize

    15KB

    MD5

    e5dc471d604df739acc1030c24931d73

    SHA1

    2c09a1cf52dd7c74e6df26d4b94ba85a1091efe7

    SHA256

    456c76342fb6902cecf29d7b5867e56f0dc0606fd9988dbeff3d9c507f563358

    SHA512

    ba22ce02ba3da58b79b65e030f743e6907eec2342736a6c953f231eb8c559c239304468842715a6f1e8386f5c1dde8d2917d27342e85288b3bf23cb444a025ed

  • C:\Users\Admin\AppData\Local\Temp\DEM809A.exe

    Filesize

    15KB

    MD5

    8abb0cc0c659bb61a6d8cee4fcb71497

    SHA1

    026d4eaf92a79d0ecbde07a005abb1d4a9ab8556

    SHA256

    a0e31a677bb4e60367af07f6f3461241b23b95fcb1a3e7507f4ad9aa61f68e92

    SHA512

    c23673d7d489b5cf763744c38936ab06d2645afef2ebfc46d90fac4ce4e70a0fd14f056994c7b902a498abe606fcc921181f1eaf111551f9ab58bd72fc718fe1

  • C:\Users\Admin\AppData\Local\Temp\DEM82D7.exe

    Filesize

    15KB

    MD5

    13157dfdfd294155f37000b684970d43

    SHA1

    b63c799b4a5d7f9460bffcabc6e4b56d385863c8

    SHA256

    860fafac23c88d95a8c08c390580a95fbb1557215ead4384e6ebf8b61955f03b

    SHA512

    337030c19fcfb220dc33c34f54567e430ef9d0618f20a4d8bf942d1739467384256cb0e9ac6c0d35b350c0ae35cabe5439002e9afcc5ff6ae09c0ef97b1478cd

  • C:\Users\Admin\AppData\Local\Temp\DEMD6F7.exe

    Filesize

    15KB

    MD5

    8f557668ece6527eb46448f71a21d676

    SHA1

    223a8a510b85ae81dbc1b4d4fee5bd8e2494f80a

    SHA256

    5e71c8bd65a980d34441309d629ad1697864e6bfc31ab4dfd063af836b6abaf1

    SHA512

    390453e6315b00fcca3227464fb4696b182ba435be3b6ef57af8fe2b2f392ef5899a06719d714fc95bfda553b80401130d846e9670fe23fd8d66ce24f2ddce2e

  • C:\Users\Admin\AppData\Local\Temp\DEMD8C7.exe

    Filesize

    15KB

    MD5

    da8f89e8e4b6e8f8b306a47a0d268c9e

    SHA1

    2a8b92f2b5f8749fca95775842a9c56501d93c8f

    SHA256

    422738bc1a17c84fed6dbbaa86f03c76c7fcf8df53527cff353085b76688db99

    SHA512

    0157dc4b9f986de36618398594af9dd21ed8a42f377adb552ccab718f48c84f97f097b853650776269b44bb933584cf2f2dfa7f60db5c448691e2f4899d705bd