Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

JaffaCakes...f8.exe

windows7-x64

7

JaffaCakes...f8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/01/2025, 06:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_fa042f188b060d63d27dd6d1f388f6f8.exe

  • Size

    14KB

  • MD5

    fa042f188b060d63d27dd6d1f388f6f8

  • SHA1

    9c944f2d63b630ab37f969bd54bcbaec767759dd

  • SHA256

    904e7cddf61a5b66323a4677485d50ee9443b6ce69625c062d0239735824871a

  • SHA512

    c715af28bb63946bda4a76e564b145fe61bd98b897bf269e1c684d60b9ebb4283ad789dd95fcef4dfa4948da29dc116ec169f6321cc1f7ca8a4ca8d962f80792

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4Yhhg:hDXWipuE+K3/SSHgxzg

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_fa042f188b060d63d27dd6d1f388f6f8.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_fa042f188b060d63d27dd6d1f388f6f8.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4296
    • C:\Users\Admin\AppData\Local\Temp\DEM7436.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM7436.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:716
      • C:\Users\Admin\AppData\Local\Temp\DEMCB8D.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMCB8D.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4888
        • C:\Users\Admin\AppData\Local\Temp\DEM2239.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM2239.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1944
          • C:\Users\Admin\AppData\Local\Temp\DEM7886.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM7886.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2916
            • C:\Users\Admin\AppData\Local\Temp\DEMCF61.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMCF61.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:4764
              • C:\Users\Admin\AppData\Local\Temp\DEM2560.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM2560.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:2444

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM2239.exe
    Filesize

    14KB

    MD5

    8c8e301903f9a7d254cadb90afe2bf81

    SHA1

    0092070f632dd767dd6cddb59f3517b0931127c7

    SHA256

    976265e1d99d0bc6cd5da3ac3b3a0d97c3e3d4aca1e2457642df87b887b4839f

    SHA512

    7b530389db3ad0c8d97a12a017cc368e36b29796f9be41b78a5bb1e5e4f17ea893e91fe99ab874847e9fd028c8a49ccdcbe80c7f4b030a6f6cf00c22f12905e7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM2560.exe
    Filesize

    14KB

    MD5

    a36ed5ed44ca163b8ff9c079805f5232

    SHA1

    ae5350832c64626e4b3084dc4dac48922acf0a1a

    SHA256

    cf93ed6091ddb1eb7033007d8a2684beed9988898b39ba6618d5965b06632b7b

    SHA512

    4ea2ac5e82b83a463818f162ac9eab5e8b7cb45a919a78d7580b057bd15691b1a0b39ed30fd81290eb54f7221e36877a21f9275dc565fcb8e1888cb3ed330a2b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM7436.exe
    Filesize

    14KB

    MD5

    7dfaac5ab20c357c9fc548c8bfca610c

    SHA1

    68570aab6226a6526bac7e2f72915a82201c225d

    SHA256

    d0a4f3a38a33fd928f91828c4a23ae952b3c1aeaa83bebb3010c5a465ccca5cc

    SHA512

    5a34bd38bdf29d9dda6c5335f6b5da1f11a0ed256147b08ce99565767a08b2d6c991c5d43fbd5b8d18582b15e38b892b27820ca07d764f48ba6a2abc77c91644

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM7886.exe
    Filesize

    14KB

    MD5

    0c3007005d951a6be51b683bc11cd1cf

    SHA1

    92147e984fb76ad3062a3ac75dda0c250b39cc7c

    SHA256

    bce02f59737c6fb654166df8484193fe751c668600d0877bb30dd1cb52a8fbfc

    SHA512

    76be26940e3bc52af81d02a4ec2b6cc3be5b2060090e2c7c6df4de1249546fc896287a031010701111f135b34610406d882407a76db1e05bf91c196b4c139709

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMCB8D.exe
    Filesize

    14KB

    MD5

    06a7d87145af705277f815861c5cb873

    SHA1

    d75262477e254d00a451fafeddc6fe9737973ff7

    SHA256

    f0459facba83b8d827d033f1932d0b17b697d1fb41f569807c12ca6a9dc61d63

    SHA512

    384213f877beb520eeb9f4981199c84ec76d27f8125945c2c5d7c5ec3a5599111a9afb90fae9f68ccf85bc9e2d9ddfcfa6175743c65b9aa07b9b40e01ca4ed14

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMCF61.exe
    Filesize

    14KB

    MD5

    c795cd5997bd0a62dca9006cf3162707

    SHA1

    bd9e71db9512cda44704e71499ca129bf3ee9f5c

    SHA256

    df797da69c525319de53daf6626e1461e9348951d8b26e9b3a9a30b99abbbcb4

    SHA512

    a4f468b2940ce5db6e48424922413f6909cc835d8c94b4b31db67caa6b26dd22d3c0015947c129063a668c30b58b5dfc63c6ff33f8a3cd0154bb82e80f2d81c7

    Download Submit