Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

JaffaCakes...8b.exe

windows7-x64

7

JaffaCakes...8b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/01/2025, 06:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_f9d1a277b59230d9739d5fedecb6ed8b.exe

  • Size

    20KB

  • MD5

    f9d1a277b59230d9739d5fedecb6ed8b

  • SHA1

    b61d7caad9552eb9ace84c77c4fa1c6850cb6484

  • SHA256

    254ea2fb1c31685e634a26c379a2742661901686f1a0fdf38fcfc8060d59cde6

  • SHA512

    ff238e9980591b71e1abaa91b86914a6870a2da4a41c4d9dfe26ac63f66766532babaaf603c482abc73ac9da4f15d2741d4a1db0ad3f018470cf05c93ab868cb

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhYQMx+L4PRSV:hDXWipuE+K3/SSHgxmHZPRy

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f9d1a277b59230d9739d5fedecb6ed8b.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f9d1a277b59230d9739d5fedecb6ed8b.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4240
    • C:\Users\Admin\AppData\Local\Temp\DEM70CB.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM70CB.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4404
      • C:\Users\Admin\AppData\Local\Temp\DEMC7C4.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMC7C4.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:5112
        • C:\Users\Admin\AppData\Local\Temp\DEM1E60.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM1E60.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3856
          • C:\Users\Admin\AppData\Local\Temp\DEM747F.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM747F.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2432
            • C:\Users\Admin\AppData\Local\Temp\DEMCAEC.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMCAEC.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:2872
              • C:\Users\Admin\AppData\Local\Temp\DEM212A.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM212A.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:1468

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM1E60.exe
    Filesize

    20KB

    MD5

    a53b3fc2aa9dac7e1ea6f14a91d81637

    SHA1

    c27020485373644d84e9a7d1ec82ba51a0f255f7

    SHA256

    523b64784239ef8a3515fafd91cc6f5858b045c3fcff7513e0ea0f4ea66edea2

    SHA512

    b70b4bfb22f9ef16d7bf7386466245306f670c7a2065c39a28f6da74fee3dec16fe4bf9d4590930cf6d2cd0a4d16c3668ca63b14768cc0f5d9c01718a6deb0d0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM212A.exe
    Filesize

    20KB

    MD5

    dec09b359b5c6d859a3a592ab9b6efe2

    SHA1

    1a6ac2853e1ecfdbe2acdec12f62a947c3ff66dc

    SHA256

    cdca843b429e1b37768d2991c936e87cec20c1de90bf9ee8da2b8ef742080e0e

    SHA512

    84619d9d9d3acba665b5a5bc945f1664861f71ada40650176b2254dc024b2e713e4e565d57bd11ab228370689ef01739775637185ab1ee195bcb4746cceecbe0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM70CB.exe
    Filesize

    20KB

    MD5

    97fa9902c63aea9a37ab9fb44b5e704a

    SHA1

    d971933e60f0b416417059db8d36690e0cf66b90

    SHA256

    9d566ac6078bce7aced80d29833a6bc8067f596f877f69520926bc3cebee2a09

    SHA512

    71af90396c53dff3b582caa1b5fcd52c14f14683d25c635664255426a25944d6e1b11ce3561e13e20ee1768374bf34dbb51dfaef20ab8c23b259bd6bb8c787be

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM747F.exe
    Filesize

    20KB

    MD5

    242af6111a88dc700a808d9d81451bce

    SHA1

    70f81250da924f4fc5f93d6bcb9d75285a825740

    SHA256

    bb599de0d0189c24fe99818a1ff9f71311dd5d606619b96a2ce28191c71b1af8

    SHA512

    faa223bb68cb46a8f25ede034a919a445968b985b1ca8dd0b91208b422897d76bec38cb3191c9b48fe3ab5c27ddd0356c40373904e89df9a6935ade9289b85f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMC7C4.exe
    Filesize

    20KB

    MD5

    53296efa7eceb4b3aee85cd68d3459aa

    SHA1

    4396d8f3d2088a048d440d3826b911545207fad2

    SHA256

    c8d12365ba3da63805a0e01836c33aa52c68c792af36cc2b62d75fb15d811b93

    SHA512

    bf36ea0aaf83643b6a6e59bd7f1073a19042a761e1c50b947961d556561e5144e61cbb573f0ef9ea545165c13c7495d224ff3ef60ec144e1b337d9968ffa157c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMCAEC.exe
    Filesize

    20KB

    MD5

    02aa29f452b93ebde62b3415441c66b6

    SHA1

    f0c55687de86d58a670ff20a4813fc754dbb2d92

    SHA256

    50a42e6befdbbe91382c102d7ac470ec46ab0d71ead8e14fa613131547614817

    SHA512

    72d425eddc67b714dae474f98ca9306ea3bd6b22205e62e062f93a76bb220edace923ed961e93b2740caf955f4dbd626676d2d7ef744ae7d9598e998f43a759f

    Download Submit