Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

12db75176a...18.rtf

windows7-x64

4

12db75176a...18.rtf

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    04/05/2024, 13:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    12db75176afaac40a9964c4e2d34b2ad_JaffaCakes118.rtf

  • Size

    5KB

  • MD5

    12db75176afaac40a9964c4e2d34b2ad

  • SHA1

    a9efb6215a9e590b2fb0103387f02c17574db77c

  • SHA256

    8b89092b941368be8b1bbf5ec53f439f198712338ab2165d80c941764738efc7

  • SHA512

    5e9811c982438b6a6f7f532ae2ccf15fc2cee04504da61790c5e53fdc96d2455acc3f3a2d7107fb39a819721f3c9e60d3361569d89bd315e067839b886cf62a5

  • SSDEEP

    24:3Ro/cDiG++h5NZEWkWuhxUiUHEErYURtMM/aE0lwFaBLXDLpBk4P9e86RVBzEQR:3zDa+YWe4EEUU7nilwELTLPk4le867

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\12db75176afaac40a9964c4e2d34b2ad_JaffaCakes118.rtf"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:1348

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      20KB

      MD5

      e02866968735579131d82660822e00d6

      SHA1

      619f43790ccd6ae3cc05fb4ddd5312e702e4b22c

      SHA256

      3bac75fe2e5a19bc2cf79b9c412a2ec36bbf48b9a5001b1a9eb903344a2b721b

      SHA512

      ea3e4b4343334619bb27493ced0a7ad756884c1b32abe54d2522c89a29d04cd9ab0ad72bd212277df3104083a7b9fb3ee9572c36ec2c6a5d2ecfb770577ee89d

      Download Submit

    • memory/2032-0-0x000000002FCD1000-0x000000002FCD2000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2032-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2032-2-0x000000007129D000-0x00000000712A8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2032-5-0x000000007129D000-0x00000000712A8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2032-29-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2032-30-0x000000007129D000-0x00000000712A8000-memory.dmp

      Filesize

      44KB

      Download