Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8

2c99275ab5...18.doc

windows7-x64

10

2c99275ab5...18.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2c99275ab5366567f8ddb005b1347e58_JaffaCakes118

  • Size

    232KB

  • Sample

    240510-bheqeadb44

  • MD5

    2c99275ab5366567f8ddb005b1347e58

  • SHA1

    1eba4b2478789e30b11cb3c01abe51a83c3b87ab

  • SHA256

    b5ced3fd9b5203a48e44f9df4cb09216c9527f2bdae51b0d7ee1a53e51c12350

  • SHA512

    589a5bf6cf0be6e65ab1b504b78d2df20d7b7f79406e261e82e83bdc8f6e13e4f37cdf81d621da5a0b3e3a27a77ede52586beb35419ca287c6b97f55510b575f

  • SSDEEP

    3072:Aj6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkpS2FpTw2yDRj:AHgtEWPsL/aTyT9GkQ2rTw2yDRj

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://rochelldiy.com/ucigm/d_8_kv/
exe.dropper

http://sh.m.sxhpyy.com/special/c_eh6r_m97/
exe.dropper

http://hx.sxheping120.com/zt/ixq_vc2ru_xv6/
exe.dropper

http://tf.sxhpyy120.com/a/k_q_wc6o2/
exe.dropper

http://selectadrive.nl/wp-admin/ek_yve_bgtxm/

Targets

    • Target

      2c99275ab5366567f8ddb005b1347e58_JaffaCakes118

    • Size

      232KB

    • MD5

      2c99275ab5366567f8ddb005b1347e58

    • SHA1

      1eba4b2478789e30b11cb3c01abe51a83c3b87ab

    • SHA256

      b5ced3fd9b5203a48e44f9df4cb09216c9527f2bdae51b0d7ee1a53e51c12350

    • SHA512

      589a5bf6cf0be6e65ab1b504b78d2df20d7b7f79406e261e82e83bdc8f6e13e4f37cdf81d621da5a0b3e3a27a77ede52586beb35419ca287c6b97f55510b575f

    • SSDEEP

      3072:Aj6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkpS2FpTw2yDRj:AHgtEWPsL/aTyT9GkQ2rTw2yDRj

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks