Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    133s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/01/2025, 06:50

General

  • Target

    JaffaCakes118_f9feddb8d9d2e15ef6a9d53e7014a152.exe

  • Size

    13KB

  • MD5

    f9feddb8d9d2e15ef6a9d53e7014a152

  • SHA1

    97bed1b600d6d402db7e53de8a3681e5d5918537

  • SHA256

    03f5bb9657f3509ade7b7c9d998a11f7f922489aa8de906fa94f70c5487c2901

  • SHA512

    71e48c41901fc3156fad55c2f5c8878d455c2d326ab47fafc04e65e4efb720970a05c9a49c8d6db6511292c55619d413a299c068e3874bf3ce59f36a56a2d680

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhbuQK:hDXWipuE+K3/SSHgxcQK

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (6 IoCs)
  • Loads dropped DLL (6 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 6 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory (24 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f9feddb8d9d2e15ef6a9d53e7014a152.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f9feddb8d9d2e15ef6a9d53e7014a152.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Users\Admin\AppData\Local\Temp\DEM232.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM232.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2140
      • C:\Users\Admin\AppData\Local\Temp\DEM57A2.exe
        "C:\Users\Admin\AppData\Local\Temp\DEM57A2.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2892
        • C:\Users\Admin\AppData\Local\Temp\DEMAEC6.exe
          "C:\Users\Admin\AppData\Local\Temp\DEMAEC6.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2248
          • C:\Users\Admin\AppData\Local\Temp\DEM4E1.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM4E1.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2836
            • C:\Users\Admin\AppData\Local\Temp\DEM5AEC.exe
              "C:\Users\Admin\AppData\Local\Temp\DEM5AEC.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:2632
              • C:\Users\Admin\AppData\Local\Temp\DEMB155.exe
                "C:\Users\Admin\AppData\Local\Temp\DEMB155.exe"
                7⤵
                • Executes dropped EXE
                PID:2500

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM57A2.exe

    Filesize

    14KB

    MD5

    5d7c3f4f4ee4428f1eb517b15ff3d14e

    SHA1

    3e19bc76c47ae3b7c1cbe2abf29207327d0dedb1

    SHA256

    ba0450826e901043fa7e852bd8f3aea7edbe7be6390f77379532ed610458ab09

    SHA512

    d821e102211f7603911f4b95ec320ffc34567d105a1b95899594693a82319e5cf1fae932b00924f8dfba1a6cff3a34297a5d1c6aaeb77e9354ec335b8da52a51

  • \Users\Admin\AppData\Local\Temp\DEM232.exe

    Filesize

    13KB

    MD5

    84a14d79cb9d019cd6027fe7e3b4fb09

    SHA1

    213da4a98059275e032c784e0d205197f10ba251

    SHA256

    d1af51b19ad1a18138a168ccec7fd1c908665f4ed7a07a86a99342de779c3ef7

    SHA512

    c246172374b91835d0cd4fa6523dba96217d4b8df755d717e5530a52aef6c0cb5db75c3f158e53f2e76447338c1f9f230363914d1c342a1d625a05b6edb2151c

  • \Users\Admin\AppData\Local\Temp\DEM4E1.exe

    Filesize

    14KB

    MD5

    dc96b752fc9c298a112e0a7bb29df63e

    SHA1

    cdc16b74833bc4d7704a0193b1076dca1d635b55

    SHA256

    e723344c68bc120f90cbb410402c60bc48e9a36db89e90f5b24b95e1c336585d

    SHA512

    226c89cf2108f03d4619bcb7098742a0fa8563089856b23f2dbb64bf2afd047a7c8ab550271b6ba2c618aced241979ab7ade48f4b31b4bcd4a5df6e965629982

  • \Users\Admin\AppData\Local\Temp\DEM5AEC.exe

    Filesize

    14KB

    MD5

    6ea7c0a7dded8b02530e1bd3d8c32776

    SHA1

    76addb9b3c82402ee497dfc59197d60a6d8115af

    SHA256

    ab45369d922b6eb3d9dd345f835122e759bdafc64db7bbad6dd366bfa1600c86

    SHA512

    c6de704b5409254eaf3fec34c735a7ed0a3c9d3d340336bb83e31db6aaf83e27780a1e802a5540008d56c41cd400440826cf1da96e2461dd1618284d5c5ac091

  • \Users\Admin\AppData\Local\Temp\DEMAEC6.exe

    Filesize

    14KB

    MD5

    76ab3b392f1a56b7e9e90e186530436b

    SHA1

    fb52bdbcc74ce7698c9e503a2592af6b46430e0d

    SHA256

    6aa31b7ee0b742648b2ad320929d2c657cfaafbd201fa903823769ac53b329e4

    SHA512

    fc66030edc436e39cdbe4e8b8960e2f5ee578949493aed57b18d99f47a57b4bdc128ffdea1bd6b1a6c7d3c5a9e24c1fd995331e1d03befe45d7d520e33591f0b

  • \Users\Admin\AppData\Local\Temp\DEMB155.exe

    Filesize

    14KB

    MD5

    aeffe90da567e25ed38b41609250f203

    SHA1

    efe3eb6ff8e62fc6cefffe00e621d6e1f8588bc8

    SHA256

    389c5dbe96f518b8986a73707ced3d20721e043f44785a5dc4b633c1c72dc50e

    SHA512

    622b148fa7bd18ebce2ba9fb16536ad48e37bf91cd82ec501331d2349dad3b3195d2522073c7071d42852e3ea8cdc83c3eeac5ef4147e218fd4f3013f6e1c6ad