Analysis

  • max time kernel
    131s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/01/2025, 06:42

General

  • Target

    JaffaCakes118_f9d1a277b59230d9739d5fedecb6ed8b.exe

  • Size

    20KB

  • MD5

    f9d1a277b59230d9739d5fedecb6ed8b

  • SHA1

    b61d7caad9552eb9ace84c77c4fa1c6850cb6484

  • SHA256

    254ea2fb1c31685e634a26c379a2742661901686f1a0fdf38fcfc8060d59cde6

  • SHA512

    ff238e9980591b71e1abaa91b86914a6870a2da4a41c4d9dfe26ac63f66766532babaaf603c482abc73ac9da4f15d2741d4a1db0ad3f018470cf05c93ab868cb

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhYQMx+L4PRSV:hDXWipuE+K3/SSHgxmHZPRy

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f9d1a277b59230d9739d5fedecb6ed8b.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f9d1a277b59230d9739d5fedecb6ed8b.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2788
    • C:\Users\Admin\AppData\Local\Temp\DEM8881.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM8881.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2264
      • C:\Users\Admin\AppData\Local\Temp\DEMDE6D.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMDE6D.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1728
        • C:\Users\Admin\AppData\Local\Temp\DEM339E.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM339E.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2468
          • C:\Users\Admin\AppData\Local\Temp\DEM891D.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM891D.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:1908
            • C:\Users\Admin\AppData\Local\Temp\DEMDE1F.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMDE1F.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:1152
              • C:\Users\Admin\AppData\Local\Temp\DEM336F.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM336F.exe"
                7⤵
                • Executes dropped EXE
                PID:2460

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM891D.exe

    Filesize

    20KB

    MD5

    1264db6af317c56ad6c5a1b03b991b2e

    SHA1

    8c87ebbfaa6334d12579925b18328363e9728ba5

    SHA256

    8e49ad32b41997fdbb4220b148cf7d2a494bfe201af19d89d468bd2ffd91a2b1

    SHA512

    c57ac3d2e97f5890394e8eb04ac1b8793eac6b9b9e0eeb76edd9683f43c770b377ddc796ec7afdae602052105ec76da20004da347eaba0b98dc8dec2b23f9a96

  • C:\Users\Admin\AppData\Local\Temp\DEMDE1F.exe

    Filesize

    20KB

    MD5

    f7b3104b60c163669c8de324c3000b35

    SHA1

    392ad98d368a16669bfa9e2e89c8071ca07178c2

    SHA256

    6b6924d21c315f74fda058eef0f76a62f502debe86bbe7c0b6dd776d06b645e6

    SHA512

    063ef743ce61989268d7c0e3e2ebdbc0066f309f341a8fd1380d636df2e247d8732802a2dce85e54faf0e759f3cfea3b6ef69852a6676fdf002ca63bae356221

  • C:\Users\Admin\AppData\Local\Temp\DEMDE6D.exe

    Filesize

    20KB

    MD5

    f0671f8b95f9a18cb977a4d365c2b689

    SHA1

    56f029585f36d5e26b4bd704306b3870a20749b7

    SHA256

    41d12293bed94e610cddeea808a7f7ac95b53b576071f290ba04ea0c580d5339

    SHA512

    0a7721a379928795eac26f69142bd3c4d755249986ae4b2f50118302aa98d2f5799ad8e1fbc31919db3ae4bfd7a966358596b781b1dbfbeb23ea3e2e84a2473b

  • \Users\Admin\AppData\Local\Temp\DEM336F.exe

    Filesize

    20KB

    MD5

    a887ba0334b38d279d2363ced40c62b7

    SHA1

    54313d716bc3e3ce8a300a353caec9633bc2d7f7

    SHA256

    7cfcfbdd281eabe49f682be3b7a719d1ab44630bdcd2cb9be3fc0e2bd4e6d12b

    SHA512

    eed2955409161ae2ff4b6a7a83c388a8699b7a8022c8d64f308e2edc1f3bb44f1e02ee6d501f0fd483cb2ccd74aeaef3829faaa1248e6ce912b5ef77c64c7cc1

  • \Users\Admin\AppData\Local\Temp\DEM339E.exe

    Filesize

    20KB

    MD5

    8432deb48a20f29373818c7e5d830b43

    SHA1

    7b408f6bd3a2a4b23dace171d58e4b80a6778932

    SHA256

    f836473733d71a20c88af22df5662c7cfb55132cadd3e72ad1876127922815c6

    SHA512

    26ee4823b3e4e69b785eb7f089470670c0248dce1835596f7f83189038390261157349184b8d24f3b1e2b545ce932dfe6835448f47b6e4f0c8101401534fbb59

  • \Users\Admin\AppData\Local\Temp\DEM8881.exe

    Filesize

    20KB

    MD5

    6e5458590a4e3d89af38a4a463816fc6

    SHA1

    895a84bdb8b1cd60aeb11375e7ec1f6b665853b8

    SHA256

    7e2bbec656d91192b42f2a532e665c8ca675507b3efb2d4146cb87ec79d4674f

    SHA512

    d7a06fa1464f235a71b315568863879b92dccebad5b39e3133eec263852b736203396056de536acfe256febb2330022b29e0b8fd4deb45422ca6f14cfee7b025