General

  • Target

    3f5f7f5fac23503e44bef4803ace8517_JaffaCakes118

  • Size

    9.7MB

  • Sample

    240513-n4bl4ade2t

  • MD5

    3f5f7f5fac23503e44bef4803ace8517

  • SHA1

    6a26b009efebdea2441c22cf953a434b85d8d356

  • SHA256

    ddb62fe8611e6e37b8b37413dea5e5f813f441e1601f8c805787a2d94265a8cb

  • SHA512

    82c43c4c8e7cd07af18dc30af2a4897df1aeeec4ca773981ee9f5f584391496b9cc3abf007baded3bc81da738eddd1bd9dfcc25e91e2f51f8b4552a2f06b2360

  • SSDEEP

    196608:u6mnLWnHt+Wk0X7pqfOMqcimG/J47LNaPoFgdw73/HUyjy:u6DHtzkfu53OaGg2j/Uye

Malware Config

Targets

    • Target

      office2019pjb_9435/office2019pjb/OTool/Office Tool Plus.exe

    • Size

      712KB

    • MD5

      4aed8b9df39b654027e4d73ddd1bc90e

    • SHA1

      7db7076fda281562fea440b28fbb34065a5cd564

    • SHA256

      514aea57740fd6f80b7540314cd1d0d5995e0293e93cfc26daa9b43ee48e739f

    • SHA512

      5dd78d4bd3d39adfe2d641ba03ddc0e629ca4a0eda365dfff8590293bcb30a9dacd7159aff75b1a5835c4d6913f1b263d83f4817c0c8a6f9a13f4b99365e8658

    • SSDEEP

      3072:5qWCiwJ232XGiePBv14nG292hr8F9f4+BFYB0ZDLG2pV1LG3M+LG9RVPBiEh8Sd5:5lUQz499HfeMRjPsd

    Score
    1/10
    • Target

      office2019pjb_9435/office2019pjb/OTool/files/7-zip/7za.dll

    • Size

      240KB

    • MD5

      8f8c8662d50a727eb783b4b6101b1fab

    • SHA1

      38ba68fd3b1d503b2dac3db622c920a53b9b6961

    • SHA256

      7cae87154c752deb52cd7a83fbff4be5064a424916d89cffe3bf3712fa74fc92

    • SHA512

      91488554a54612036b3b04306d5ba165012ae35831ae5d5b79ce8213e58fb04507a7950a6e5c195903d4b1262a5e32dd251ad51ba52d2dca47789538894dbe7f

    • SSDEEP

      3072:XmZDDcpEXd0PJIb7G5wsWK/41lP1sxy5UPLhLt9WdTmZh901MMjrnmV/RwAAAAAV:XZEXi5wsF/0P89+T5rn0VEJf415wfg

    Score
    3/10
    • Target

      office2019pjb_9435/office2019pjb/OTool/files/7-zip/7za.exe

    • Size

      637KB

    • MD5

      e3c061fa0450056e30285fd44a74cd2a

    • SHA1

      8c7659e6ee9fe5ead17cae2969d3148730be509b

    • SHA256

      e0e2c7d0f740fe2a4e8658ce54dfb6eb3c47c37fe90a44a839e560c685f1f1fa

    • SHA512

      fe7796b4c5aa07c40aa2511a987fed59366d3c27bf7343f126f06cb937bfe7a7d8bd6cd785a7e3dc9087b99973e8542b6da7be6eed4585bd3cee13164aed79b4

    • SSDEEP

      12288:MCEg6ksPgamGycPycplunzCke+tMU0gKVDrnI/Anky3ZDH:MCCks4ECO8zfeJ3rnI/A93F

    Score
    1/10
    • Target

      office2019pjb_9435/office2019pjb/OTool/files/7-zip/7zxa.dll

    • Size

      138KB

    • MD5

      ae27db1a0e1e2b338c79af9d74967b7d

    • SHA1

      30f5bc5e12279859043c43a2dbe6a97f57bfebf8

    • SHA256

      dbe966226d1df41c9ab854da3897c0fa99858d8848dd23470edb4974f256c2fa

    • SHA512

      f66fc1244078bf1ba259b87f83d92a35226aa99dbb4c253c62443bc71c54dba155e10b1f781fbbd7c31f48a528821bc588da24d853fdee17cd75ecf8fcb7e35e

    • SSDEEP

      3072:rSYpT3EI9ohKKZ05neKoGOehKZkgx1QYyAAAAA+8R7DL5qTqoU1ys:rjKKKKOGgb5Doe

    Score
    3/10
    • Target

      office2019pjb_9435/office2019pjb/OTool/files/Thunder/MiniThunderPlatform.exe

    • Size

      66KB

    • MD5

      ef69dc57c378255b9cb240397e330958

    • SHA1

      c53da31492f7a281546a7531999f9a3b4cf37515

    • SHA256

      d8085eed2d4bac6d78a3f66cde18f64dfd11c6466b58fdbaf3ad24f6cd874640

    • SHA512

      d48f3ee6d02d5c8fd895caad481a7df8e82ff7ef0559db9aef799a863e0857e3df5a207b48565f7ccf9b0a4717577a32a09523b6bf8b2f54a5d0327f10c06f02

    • SSDEEP

      1536:gc5k9Y9Zm5dlTeDnS1EM67R7D2/h8+nouy85uMA:gc2em0TS2BdHeh8eout5uMA

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      office2019pjb_9435/office2019pjb/OTool/files/Thunder/aria2c.exe

    • Size

      4.6MB

    • MD5

      717d0f91d78f95fa0e9a43474eff12ba

    • SHA1

      e95f036d1298e564c3cac417d6710abe3f1fdf6c

    • SHA256

      1677867238f99fc42a05130198140fff5ea7d26496b1b796578de671593d280b

    • SHA512

      1cbc40ce7955a11c41f2f7a3739d9378580036d4f90070c1fcca0980d72d87a5299b252259d1bf9308bc43ad090f45e532bddf5647f1aa76332f261532932741

    • SSDEEP

      98304:KeftlmJDBHGh2sA/QLxZ4JgcJUFELuArrPxviWO8CW1VTtzZbwZ6v:Keftlml6wJgCrPxaVjWbTtz1

    Score
    1/10
    • Target

      office2019pjb_9435/office2019pjb/OTool/files/Thunder/atl71.dll

    • Size

      87KB

    • MD5

      79cb6457c81ada9eb7f2087ce799aaa7

    • SHA1

      322ddde439d9254182f5945be8d97e9d897561ae

    • SHA256

      a68e1297fae2bcf854b47ffa444f490353028de1fa2ca713b6cf6cc5aa22b88a

    • SHA512

      eca4b91109d105b2ce8c40710b8e3309c4cc944194843b7930e06daf3d1df6ae85c1b7063036c7e5cd10276e5e5535b33e49930adbad88166228316283d011b8

    • SSDEEP

      1536:kIlL9T5Xx1ogKMvw5Br7KLKLI+Xe+QnyH4Cc0tR6nGVp/VTbkE0DJ4ZwmroV:BtvBOI+FQny5R6nG//SdaZwms

    Score
    1/10
    • Target

      office2019pjb_9435/office2019pjb/OTool/files/Thunder/dl_peer_id.dll

    • Size

      89KB

    • MD5

      dba9a19752b52943a0850a7e19ac600a

    • SHA1

      3485ac30cd7340eccb0457bca37cf4a6dfda583d

    • SHA256

      69a5e2a51094dc8f30788d63243b12a0eb2759a3f3c3a159b85fd422fc00ac26

    • SHA512

      a42c1ec5594c6f6cae10524cdad1f9da2bdc407f46e685e56107de781b9bce8210a8cd1a53edacd61365d37a1c7ceba3b0891343cf2c31d258681e3bf85049d3

    • SSDEEP

      1536:5myH1Ar4zLdIoXJED0ySFzyhSU+kcexDCaDRqxAnNQDB:foEZEDDSFzDkce7RqxAnIB

    Score
    1/10
    • Target

      office2019pjb_9435/office2019pjb/OTool/files/Thunder/download_engine.dll

    • Size

      875KB

    • MD5

      c818df90f4eda9a4a048dd656d0a4ea7

    • SHA1

      79d66f736df36b689ae9c3c4fd382d15f1dbcdba

    • SHA256

      677596b043cfe0bcacf19d60ba202696b95830adecdeb2a3054fc625479623ec

    • SHA512

      21382150e1ccf35559c1929d0fb482a9361cff869b500ceaa9c0a07928a66fa9fd28b767346877ffb02b87eea8b3e6e00f658c02243b33cd860adc288c7f600c

    • SSDEEP

      24576:3Ong+jST5mDj6BJGOz36LAtvhb6t6x+8Bv1a:NzM3uZz368tvJ91a

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      office2019pjb_9435/office2019pjb/OTool/files/Thunder/msvcp71.dll

    • Size

      492KB

    • MD5

      a94dc60a90efd7a35c36d971e3ee7470

    • SHA1

      f936f612bc779e4ba067f77514b68c329180a380

    • SHA256

      6c483cbe349863c7dcf6f8cb7334e7d28c299e7d5aa063297ea2f62352f6bdd9

    • SHA512

      ff6c41d56337cac074582002d60cbc57263a31480c67ee8999bc02fc473b331eefed93ee938718d297877cf48471c7512741b4aebc0636afc78991cdf6eddfab

    • SSDEEP

      12288:b692dAsfQqt4oJcRYRhUgiW6QR7t5k3Ooc8iHkC2ek:bSYACJcRYe3Ooc8iHkC2e

    Score
    3/10
    • Target

      office2019pjb_9435/office2019pjb/OTool/files/Thunder/msvcr71.dll

    • Size

      340KB

    • MD5

      ca2f560921b7b8be1cf555a5a18d54c3

    • SHA1

      432dbcf54b6f1142058b413a9d52668a2bde011d

    • SHA256

      c4d4339df314a27ff75a38967b7569d9962337b8d4cd4b0db3aba5ff72b2bfbb

    • SHA512

      23e0bdd9458a5a8e0f9bbcb7f6ce4f87fcc9e47c1ee15f964c17ff9fe8d0f82dd3a0f90263daaf1ee87fad4a238aa0ee92a16b3e2c67f47c84d575768edba43e

    • SSDEEP

      6144:cPlV59g81QWguohIP/siMbo8Crn2zzwRFMciFMNrb3YgxS3bCAO5kkG:OlVvN1QWguohInJDrn8zwNF7eCr

    Score
    3/10
    • Target

      office2019pjb_9435/office2019pjb/OTool/files/Thunder/xldl.dll

    • Size

      106KB

    • MD5

      b700bd2daf84e4dbbcad96221a772d6b

    • SHA1

      b57cab2d8cfc733d6aacc61a39ce5564db0f7b3b

    • SHA256

      63ae9dd4a504261591f06bd9457d07629155241df615bd46a0fb48e76c5e9d56

    • SHA512

      d573e7b2863053e2b4d81a4a89dcbee83fc079403ab36c54e3e0904a3b5d61d1aff0b8bb32d164e496f8425bf8e40e803480c694506e6e156434b8350b736a10

    • SSDEEP

      3072:/WcKtZ5jVYBrJfbUfCoIydGHoqXUWIoutMsvmd:/WPnfYBrJWIydGHotoSPC

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      office2019pjb_9435/office2019pjb/OTool/files/Thunder/zlib1.dll

    • Size

      35KB

    • MD5

      57e11cb59cff3bce88681847d807cf06

    • SHA1

      44e79ea0787acfecba8f73360529d760a8e41cf9

    • SHA256

      a21616050ed5f1bb9e1325089b5d1411da8f12e0060280e5ef41f80eed214066

    • SHA512

      fd43895c72d9c2f001dc1105d2d76288df21fa46b7b8bce8ba9c48f49c48d21f49e9da00906844cee465270739a7c5c024ba04399801b515705a343c7209330f

    • SSDEEP

      768:YR6aROh/8QQAwMydtssQfHFfxKmbK6PAraKBHsEoJKSnnbcuyD7UT9rRK:4c8n7bdt4flfxfKvlBHjoJKSnnouy8Ty

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      office2019pjb_9435/office2019pjb/OTool/files/activate/OSPP.VBS

    • Size

      102KB

    • MD5

      1b12cc712b648c0f05aed3e0ec99aaab

    • SHA1

      2dd149d0ed2c9beb81d8766540e73068084b0161

    • SHA256

      2037f0310fe838fb2aa02cdd2e8cef237aa806ed02cbbe01403772b360577d0f

    • SHA512

      1d3d4881875fc7dbe59ad57e769c9d37689d6f520289a8ffafe5482c3e2a51f913545c9d30b05a4a5316e69b32f2436bee6e24c1854ac2cb117820b94935cc32

    • SSDEEP

      1536:F8fEzb/rgGpRrjDJkCkRFklYfC6YGu/Iy7gz:yOgGpdDJkCkRFkWCs0IC0

    Score
    8/10
    • Blocklisted process makes network request

    • Target

      office2019pjb_9435/office2019pjb/OTool/files/activate/OSPP.zh-cn.VBS

    • Size

      102KB

    • MD5

      5ebefe7d4c390aaa38c7c0ad712d6f52

    • SHA1

      4610e083b7daea66c588412c4bb58fda20bc4a2e

    • SHA256

      b4d4efd25286ba767beb9ebe3bd76c55687dc70eb165dd28f279fa42c9b80413

    • SHA512

      e22f4401ca4748b4441b8f2bfe61170ff8849b91eecfdf7f62856ff8b0c5283e7eef0f359d9a443b5e3ebcc81060e3914f17c7eacb8788e189e9613e349bc452

    • SSDEEP

      768:okOl63JLs+lPbtjQmRxIQsNO7dmwNpEW4PygKlypanrxkV3h20NtMDJI0YlBsYks:UlfEBfdVgjpGrjDJkCkr83lY0X97W

    Score
    8/10
    • Blocklisted process makes network request

    • Target

      office2019pjb_9435/office2019pjb/OTool/files/activate/OSPPREARM.EXE

    • Size

      226KB

    • MD5

      0425533b09f71ee34b65f60219a26f8f

    • SHA1

      374b0a1a1dd454c09699a8dd59cd6af6a93a914b

    • SHA256

      877811f5feb1e7b1a6a0ea692b3b13c8351c08e01883c9a64e0a67e1f571cc55

    • SHA512

      76b36df731c3e8259f449d6d6bf1a54738868ef9e5e00eaee781db6144271cb64e9da20ad520ab10b1046d5fbcddc2c975a5c1b238aae06a70e8944a630f3ac0

    • SSDEEP

      3072:XltriujHqkIZLjFpo9HtpAE3L2O+I6kn49c+MlTbhgFUD2pook/:7riNkWbo9MYL2Oz5NhU1pa

    Score
    1/10
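The "UPX packed file" signature fires on MiniThunderPlatform.exe, download_engine.dll, xldl.dll and zlib1.dll above, and the static1 task tags the whole archive as upx. What follows is an added example, not tria.ge's detector and not code from the Office Tool Plus or Thunder projects, of the static checks behind such a hit. It parses the PE section table directly from the bytes and reports three independent indicators: the stock UPX0/UPX1 section names, the "UPX!" packer-header magic, and a layout heuristic (an empty section used as the unpack destination followed by a high-entropy payload section) that still fires when a "modified UPX" build has renamed the sections and patched the magic. The three PE images it runs on are constructed fixtures built in-line; the exact byte patterns chosen for "packed" and "clean" sections are the author's assumptions, not data from this report.

```python
"""Static UPX indicators from a PE section table.

Added example; the fixtures are constructed here and are not files from the
report. Offsets follow the PE/COFF layout (IMAGE_FILE_HEADER, IMAGE_SECTION_HEADER).
"""
import math
import struct

# IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics (40 bytes)
SECTION_HDR = "<8sIIIIIIHHI"


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; 8.0 means a uniform byte distribution (compressed/packed data)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """DOS header -> e_lfanew -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]   # IMAGE_FILE_HEADER.NumberOfSections
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]      # IMAGE_FILE_HEADER.SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                                # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, rsize, rptr, *_ = struct.unpack_from(SECTION_HDR, pe, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\x00").decode("latin-1"),
            "virtual_size": vsize,
            "raw_size": rsize,
            "entropy": shannon_entropy(pe[rptr:rptr + rsize]),
        })
    return sections


def upx_indicators(pe: bytes) -> dict:
    """Three independent indicators plus a combined verdict.

    stock_names: sections named UPX0/UPX1/... (stock UPX; the first thing a "modified UPX" renames)
    magic:       the "UPX!" packer-header signature anywhere in the image
    layout:      what survives renaming: an empty section (unpack destination, SizeOfRawData 0)
                 immediately followed by a high-entropy section (the compressed payload)
    """
    sections = parse_sections(pe)
    stock_names = any(s["name"].upper().startswith("UPX") for s in sections)
    magic = b"UPX!" in pe
    layout = any(
        a["raw_size"] == 0 and a["virtual_size"] > 0 and b["raw_size"] > 0 and b["entropy"] > 7.0
        for a, b in zip(sections, sections[1:])
    )
    return {
        "sections": [s["name"] for s in sections],
        "stock_names": stock_names,
        "magic": magic,
        "layout": layout,
        "packed": stock_names or magic or layout,
    }


def build_pe(sections: list, header_tail: bytes = b"") -> bytes:
    """Assemble a minimal PE32 image for testing: sections = [(name, raw_bytes, virtual_size)].

    Constructed fixture only; the optional header is zeroed, so the image is not loadable.
    """
    e_lfanew, opt_size = 0x40, 0xE0
    dos = bytearray(b"MZ".ljust(e_lfanew, b"\x00"))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)  # i386, EXECUTABLE|32BIT
    optional = b"\x0b\x01".ljust(opt_size, b"\x00")                                   # PE32 magic only
    hdr_len = e_lfanew + 4 + len(coff) + opt_size + 40 * len(sections) + len(header_tail)
    first_raw = raw_ptr = (hdr_len + 0x1FF) & ~0x1FF                                  # 512-byte file alignment
    table, blobs, vaddr = b"", b"", 0x1000
    for name, raw, vsize in sections:
        table += struct.pack(SECTION_HDR, name.encode("ascii"), vsize, vaddr, len(raw),
                             raw_ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        blobs += raw
        raw_ptr += len(raw)
        vaddr += max(vsize, len(raw), 0x1000)
    image = bytes(dos) + b"PE\x00\x00" + coff + optional + table + header_tail
    return image.ljust(first_raw, b"\x00") + blobs


# Constructed section contents: a uniform byte distribution (entropy exactly 8.0) stands in
# for compressed payload; a short repeated stub stands in for ordinary code.
HIGH_ENTROPY = bytes(range(256)) * 16
LOW_ENTROPY = (b"\x55\x8b\xec\x5d\xc3" + b"\xcc" * 11) * 64

SAMPLES = {
    # stock UPX: UPX0 empty, UPX1 packed, "UPX!" header placed right after the section table
    "stock_upx": build_pe([("UPX0", b"", 0x8000), ("UPX1", HIGH_ENTROPY, 0x1000), (".rsrc", LOW_ENTROPY, 0x400)],
                          header_tail=b"UPX!" + b"\x00" * 8),
    # "modified UPX": sections renamed and magic patched out; only the layout gives it away
    "renamed_upx": build_pe([(".text", b"", 0x8000), (".data", HIGH_ENTROPY, 0x1000), (".rsrc", LOW_ENTROPY, 0x400)]),
    # ordinary unpacked image
    "unpacked": build_pe([(".text", LOW_ENTROPY, 0x400), (".data", LOW_ENTROPY, 0x400)]),
}

if __name__ == "__main__":
    for label, pe in SAMPLES.items():
        print(label, upx_indicators(pe))
```

To run it against the DLLs listed in this report, replace the fixtures with the file bytes (`open(path, "rb").read()`). A hit on the section names or the magic is normally confirmed by unpacking with `upx -d`; a layout-only hit means the packer stub was modified and the sample has to be unpacked from memory instead, which is also why packing alone is worth a mid-range score rather than a verdict.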

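MiniThunderPlatform.exe is the one target above that trips "Writes to the Master Boot Record (MBR)", the signature behind the bootkit and persistence tags on behavioral9 and behavioral10. The following is an added example, not part of this report and not tria.ge's signature logic, of the follow-up check an incident responder runs on the affected disk: parse one 512-byte MBR, hash the 446 bytes of boot code separately from the four partition entries, and diff both against a baseline sector taken before detonation (or from a known-clean image). Separating the two matters because a bootkit typically rewrites only the boot code and leaves the partition table intact so the machine still boots. All sectors here are constructed fixtures; the "clean" boot code is a placeholder stub, not Microsoft's real MBR code.

```python
"""MBR integrity check against a known-good baseline.

Added example; the sectors are constructed here, not captured from the report's sandbox.
Classic MBR layout: 446 bytes of boot code, four 16-byte partition entries at
offset 446, and the 0x55AA signature at offset 510.
"""
import hashlib
import struct

SECTOR = 512
PART_TABLE_OFF = 446
BOOT_SIG = b"\x55\xaa"
PART_ENTRY = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Split one sector into a boot-code hash and the populated partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba_start, count = struct.unpack(PART_ENTRY, sector[off:off + 16])
        if ptype:  # partition type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:PART_TABLE_OFF]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(current: bytes, baseline: bytes) -> list:
    """Findings relative to a baseline sector captured before the sample ran.

    Boot code changed with the partition table intact is the bootkit pattern;
    a changed partition table points at repartitioning or a redirected boot volume.
    """
    cur, base = parse_mbr(current), parse_mbr(baseline)
    findings = []
    if cur["boot_code_sha256"] != base["boot_code_sha256"]:
        findings.append("boot code modified")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table modified")
    return findings


def build_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a sector for testing: partitions = [(status, type, lba_start, sectors)].

    CHS fields are zeroed; modern loaders use the LBA fields.
    """
    table = b"".join(struct.pack(PART_ENTRY, status, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
                     for status, ptype, lba, count in partitions)
    return boot_code.ljust(PART_TABLE_OFF, b"\x00") + table.ljust(64, b"\x00") + BOOT_SIG


# Constructed fixtures. The "clean" boot code is a stand-in stub, not Microsoft's real MBR code.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8\xbe\x00\x7c\xbf\x00\x06"
ONE_NTFS_PARTITION = [(0x80, 0x07, 2048, 204800)]  # bootable, NTFS, starts at LBA 2048

BASELINE_MBR = build_mbr(CLEAN_BOOT_CODE, ONE_NTFS_PARTITION)
# Bootkit-style tamper: boot code replaced (placeholder stub), partition table left intact.
BOOTKIT_MBR = build_mbr(b"\xeb\xfe" + b"\x90" * 16, ONE_NTFS_PARTITION)
# Repartitioned disk: same boot code, volume moved.
MOVED_MBR = build_mbr(CLEAN_BOOT_CODE, [(0x80, 0x07, 4096, 204800)])

if __name__ == "__main__":
    for label, mbr in (("baseline", BASELINE_MBR), ("bootkit", BOOTKIT_MBR), ("moved", MOVED_MBR)):
        print(label, check_mbr(mbr, BASELINE_MBR))
```

On a live Windows host the current sector is the first 512 bytes of `\\.\PhysicalDrive0`, readable with administrator rights; in a sandbox the cleaner source is the first sector of the disk image before and after the run. Note that the check only covers legacy BIOS boot; a UEFI system with a GPT disk carries a protective MBR whose boot code is not executed, and bootkit persistence there would target the ESP instead.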
MITRE ATT&CK Enterprise v15

Tasks

  Task          Tags                      Score
  static1       upx                       7/10
  behavioral1                             1/10
  behavioral2                             1/10
  behavioral3                             3/10
  behavioral4                             3/10
  behavioral5                             1/10
  behavioral6                             1/10
  behavioral7                             3/10
  behavioral8                             3/10
  behavioral9   bootkit persistence upx   7/10
  behavioral10  bootkit persistence upx   7/10
  behavioral11                            1/10
  behavioral12                            1/10
  behavioral13                            1/10
  behavioral14                            1/10
  behavioral15                            1/10
  behavioral16                            1/10
  behavioral17  upx                       7/10
  behavioral18  upx                       7/10
  behavioral19                            3/10
  behavioral20                            3/10
  behavioral21                            3/10
  behavioral22                            3/10
  behavioral23  upx                       7/10
  behavioral24  upx                       7/10
  behavioral25  upx                       7/10
  behavioral26  upx                       7/10
  behavioral27                            8/10
  behavioral28                            8/10
  behavioral29                            8/10
  behavioral30                            8/10
  behavioral31                            1/10
  behavioral32                            1/10