General

  • Target

    0bdb04d6ade94309db5aa025d012ac7f_JaffaCakes118

  • Size

    67KB

  • Sample

    240501-p7skfshe23

  • MD5

    0bdb04d6ade94309db5aa025d012ac7f

  • SHA1

    48302c12594e09eb8abe458523cfe04a9741b62e

  • SHA256

    c67d226da6e85679f17b75dc0d668fc59ccacd2503b35e5e18a1d8824a140333

  • SHA512

    7f3af4014ee89882bdfc26d2b4b8b35ad76611ff21307d2b2efa55b4822ff876b867957a98d42da893534e339737bfbb694fd3ead7f0f32fe3c25c8ac0ab19da

  • SSDEEP

    768:UpJcaUitGAlmrJpmxlzC+w99NBC+1on79royxoJ8v:UptJlmrJpmxlRw99NBC+anep

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: http://develoweb.net/1Fd3
    exe.dropper: http://bahiacreativa.com/eu
    exe.dropper: http://atlasbackground.com/f0x
    exe.dropper: http://adams-moore.com/ep
    exe.dropper: http://erush.nl/y

Targets

    • Target

      0bdb04d6ade94309db5aa025d012ac7f_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
