Analysis

  • max time kernel
    131s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/01/2025, 06:48

General

  • Target

    JaffaCakes118_f9f7c996d9d37bf4ff3a2a12ef235fa4.exe

  • Size

    14KB

  • MD5

    f9f7c996d9d37bf4ff3a2a12ef235fa4

  • SHA1

    6bde65981ad37dede323033d29bfc15cabbefac5

  • SHA256

    eac81d1cd5b67eb31b73b1835a3a0f19e5465a3371d39a361aa5d2f95e78f635

  • SHA512

    f419f5a5660f8853a9f231f2b9026ca83b3559c26faf1fc979f7766bb83b7507e5c241df6bacd81e41f7ba83574fc3cda9a0c3d12d8b3507f775906efd9487a7

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhX:hDXWipuE+K3/SSHgxx

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f9f7c996d9d37bf4ff3a2a12ef235fa4.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f9f7c996d9d37bf4ff3a2a12ef235fa4.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Users\Admin\AppData\Local\Temp\DEM6142.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM6142.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2668
      • C:\Users\Admin\AppData\Local\Temp\DEMB693.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMB693.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1512
        • C:\Users\Admin\AppData\Local\Temp\DEMBD3.exe
          "C:\Users\Admin\AppData\Local\Temp\DEMBD3.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2604
          • C:\Users\Admin\AppData\Local\Temp\DEM6114.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM6114.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:336
            • C:\Users\Admin\AppData\Local\Temp\DEMB635.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMB635.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:1152
              • C:\Users\Admin\AppData\Local\Temp\DEMB47.exe
                "C:\Users\Admin\AppData\Local\Temp\DEMB47.exe"
                7⤵
                • Executes dropped EXE
                PID:2240

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEMB47.exe

    Filesize

    14KB

    MD5

    5acf8ebc200a2a1f01bab693c995581e

    SHA1

    64233f3288a89be135e6616d13815589f7785d67

    SHA256

    e992f4c998d198fd3c3b4c04a81267267091768898957f700ec4936afd5871d1

    SHA512

    606457b577a151e31af7304899c4c7f1b880a82802605364c03535f753252acd90ad8fbf73e5f35dcae6dfdeac0b3671a90a5ad8d52d99daec67979bd9774386

  • C:\Users\Admin\AppData\Local\Temp\DEMB635.exe

    Filesize

    14KB

    MD5

    59ecc85e6c6c0dbf6e3a6e978df5e763

    SHA1

    8eb111e89e1c319b4a73f5965d79dfed5e0748f8

    SHA256

    8d322ddcddc55ebd711d19d310e9baa14045f93a090cf8234c501dd92658b989

    SHA512

    3ecf919812fd88c8b4282bf99f5867eaaec6a8ce90507ba507e2e7f42ac16e8d2bcb162125c51cab16901d129b7004b0ba20b8894f81ed3502bb2a1341af4567

  • C:\Users\Admin\AppData\Local\Temp\DEMB693.exe

    Filesize

    14KB

    MD5

    adada66b26fc31536f17cc2a112b9c5d

    SHA1

    cec4c69f12a256f65e99200ee958b9216cb7fb64

    SHA256

    2833a9e26a302a8d62ec7d51d9f01c098f90c59dc58b5f4a6e29d7da4fe7ba12

    SHA512

    22cf91549a55b38fe312f8f62b52dbd52258b6f0b31ae6b2ea5bb11a2ddc4da4d2bc368393069d9b87dfb236d92d485c506568c610e9ae3e45487036a7eed07d

  • \Users\Admin\AppData\Local\Temp\DEM6114.exe

    Filesize

    14KB

    MD5

    f7811e086d174776c9613dbd8efa18de

    SHA1

    46f723137164e59555ed0a0060224f60b40cbb91

    SHA256

    0b3cb9da1d532e601299e01032736c8ee470e9968e7c849ff8e908f655097962

    SHA512

    0a6e55d47fcd9e10b5fef336e1f99485c450fa193e26541d4f4470abd7b03cfa8873a68706ba34cff17d0f596a1e09eb0894b2d4afbae391f90d51c8772bd3e4

  • \Users\Admin\AppData\Local\Temp\DEM6142.exe

    Filesize

    14KB

    MD5

    7826f3688a4dbe78c0235723386806a9

    SHA1

    85d2f1eb7491624818d5978fc778934cd4e58f80

    SHA256

    7c71a75c7d61c973e98e8475a483148006e3e24d153c26455ac902426ed297cc

    SHA512

    83372617cf2cb427d3b1540f2676e84960caa995d867129af5a0aaf3b30c24682649f9e295232ded587dbdd1816517bf6ee8ae6c9bd4958da99a50997de42476

  • \Users\Admin\AppData\Local\Temp\DEMBD3.exe

    Filesize

    14KB

    MD5

    63dd45df35d73a6ff0fffa568dd042fa

    SHA1

    f007085a7d05d72d24f53d9d755b67d3c013872f

    SHA256

    d83b865781fc04902b9895654ea64bc86a46eaf310352dd2a905221caa27d18c

    SHA512

    bd746884882d79516c870664a0be1db29777aa0a639cb6558fafb13b973b36351dfb8c403b4dafe9f7fd9d9eb57465ea1737fd73748b940ed2f082ec213cf095