Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

17416f7997...18.doc

windows7-x64

10

17416f7997...18.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    17416f7997c337602bdd1a62be41b54c_JaffaCakes118

  • Size

    114KB

  • Sample

    240505-mhs4ksaf36

  • MD5

    17416f7997c337602bdd1a62be41b54c

  • SHA1

    f40cc56fab62e619fcecbda14e7bf6e40cdf104f

  • SHA256

    3eee95e3aa76b5a69f0af4b8f2be5ca3dc1ad9a5a3801cb52ab6c1c3af2b4bdb

  • SHA512

    27c946eabac63893bf930c99c74e7d27cbb8e6f3e60d527d66d4b5d08f00a41fedb7e28630740bfa6933bafb87d044fd46a8fe6abc0e28af91d3f9ff457541ce

  • SSDEEP

    1536:EY9GPST/p0wPIHkwZ8HZOVMDDwUmqD2CufCFr6aEqQmCVnD32+1SWvySdtxN:ZF9RAE+KZycnFImCdvaktxN

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://www.deepwebeye.com/bIOkIze
exe.dropper

http://www.ensleyortho.com/ES14ezQtPA
exe.dropper

http://www.finetsolutions.com/6X5wMUi
exe.dropper

http://www.gicals.com/QveilV42wN
exe.dropper

http://www.getmyprospects.com/mQOFmMA

Targets

    • Target

      17416f7997c337602bdd1a62be41b54c_JaffaCakes118

    • Size

      114KB

    • MD5

      17416f7997c337602bdd1a62be41b54c

    • SHA1

      f40cc56fab62e619fcecbda14e7bf6e40cdf104f

    • SHA256

      3eee95e3aa76b5a69f0af4b8f2be5ca3dc1ad9a5a3801cb52ab6c1c3af2b4bdb

    • SHA512

      27c946eabac63893bf930c99c74e7d27cbb8e6f3e60d527d66d4b5d08f00a41fedb7e28630740bfa6933bafb87d044fd46a8fe6abc0e28af91d3f9ff457541ce

    • SSDEEP

      1536:EY9GPST/p0wPIHkwZ8HZOVMDDwUmqD2CufCFr6aEqQmCVnD32+1SWvySdtxN:ZF9RAE+KZycnFImCdvaktxN

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks