Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

53c458b4ed...18.exe

windows7-x64

7

53c458b4ed...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    135s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/10/2024, 21:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    53c458b4ed395f5b0d39bdc8834915b6_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    53c458b4ed395f5b0d39bdc8834915b6

  • SHA1

    cbe66c2b4c92ca1cc80a74199d6d8da8fe481d40

  • SHA256

    5ebfae04ff09cc0126a86bce3c42e01bce6aca4dd87a63c9663a347e52ade99d

  • SHA512

    3aa09a1faeab3854ccc09c3cbebfdc70e1b9c613ccc8984ab0e2b462305af5e7c02c411b9da181b22717ba93286419510cc30ed8b8d07a96ab7087d83d5b2c46

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhRa:hDXWipuE+K3/SSHgxO

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\53c458b4ed395f5b0d39bdc8834915b6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\53c458b4ed395f5b0d39bdc8834915b6_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4380
    • C:\Users\Admin\AppData\Local\Temp\DEMB20A.exe
      "C:\Users\Admin\AppData\Local\Temp\DEMB20A.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1272
      • C:\Users\Admin\AppData\Local\Temp\DEM913.exe
        "C:\Users\Admin\AppData\Local\Temp\DEM913.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2196
        • C:\Users\Admin\AppData\Local\Temp\DEM5F51.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM5F51.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4828
          • C:\Users\Admin\AppData\Local\Temp\DEMB59F.exe
            "C:\Users\Admin\AppData\Local\Temp\DEMB59F.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:4272
            • C:\Users\Admin\AppData\Local\Temp\DEMB9F.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMB9F.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:1424
              • C:\Users\Admin\AppData\Local\Temp\DEM61CD.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM61CD.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:3448

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM5F51.exe
    Filesize

    14KB

    MD5

    bf0aaf6dbba9c27f64fd4c00b3f79b78

    SHA1

    2d461053799fe259a1768ba3191db7392fd26f6a

    SHA256

    32efec9bb5799c674a6b94eaf49a0fe23e6e333fb3ee1bdb804c6b8c7b2fd0eb

    SHA512

    548e42c7d5c5c2875b09ee793b8be08eec7c9bbe1bc45da961fb948a458e774703abf4945c47f02b1c388f259151a550574669ea860f2342561af2f7145afc55

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM61CD.exe
    Filesize

    14KB

    MD5

    e16a3598c8b8b0f2165597dec65b7446

    SHA1

    928e81bf9e14493624b31edc6e1af284c5721218

    SHA256

    9d55afded80ff673617860c6f92c92964d3719d3c0f93b51224edf2ee62ad930

    SHA512

    fc5bf9c64fc59f08802185c362a97cf744f2579d6795305bec536d0a9a89be7c227c54cc7745380e7346b86693d0d10280defa88f801465f83362fbc7303f276

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM913.exe
    Filesize

    14KB

    MD5

    b450ff72307312286150f35977c393c8

    SHA1

    f6475a9db886029d312b1f52befeba32747e3425

    SHA256

    aaede8b38c7f5e421cceebd9888f68249d8d34fba8aff9ed926052f3b022f9d8

    SHA512

    af7cb02aa7e705c254fa8dc64d7ce705a29a9e28e9224aeb2eb5688e797ea923831a61e7fd4b6d18daf37642c18dadd8b61e6d37835b62c7e702912075798813

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMB20A.exe
    Filesize

    14KB

    MD5

    bdffa61102a96cdbf3198defd31763d2

    SHA1

    5a65fdfbab546ced24f8dc50955acc1fcdbc8d78

    SHA256

    402378a2772bc7b404a479d30ef6f5d7d6b387306e6e74f154da8f5bf426a536

    SHA512

    32aa7bb3250a612e80ca7d3d3826fcf4e0e0a0be007157862f81981500d8954c800bafadeee18cae7cd0376f43f82812f5e43891200f25bc2d65248dd89587c8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMB59F.exe
    Filesize

    14KB

    MD5

    95332e75d08949adc3b5d864011dc7df

    SHA1

    dcc63f8a07c3a267bc43b9e0621106df35d692f0

    SHA256

    8cd201b117f5b7ede4d1343a7ad76f9d93febae3ab6adf3f1503dc57d2e65315

    SHA512

    260704ffb0c1191505e7d31f1341352d81f88d71fda0e6c01ef8b41c44e3b3a6e9d07dcedd3ddaa0e1e636d8feb44b001998496202933be60df9e788b0c5ae0f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMB9F.exe
    Filesize

    14KB

    MD5

    19d5ead36cbcc6e0c7272d6e98808ab1

    SHA1

    b5820879cb534b798b53a196fcb214871169bff7

    SHA256

    2cdf66de011db3bec1a971cc718b924958199274ce46364a34bd647c08d6d073

    SHA512

    43161fcbcc5857400f3838fdbf2eecfe8c99f3fe5d1c76077a230c09881431daf988f3d6d9430f829052b958ca24d5ea17bfd14c83c342bb9cd1af2905ce9624

    Download Submit