07a07a322896260a673c60a2e3e2feb7eb67165817f8f5a573badca9d38b262d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8

47862b4a1a...18.doc

windows7-x64

47862b4a1a...18.doc

windows10-2004-x64

Sharing

General

Target

47862b4a1ac4c7185661f98596d390c3_JaffaCakes118
Size

92KB
Sample

240515-xdz2faef73
MD5

47862b4a1ac4c7185661f98596d390c3
SHA1

cd0ccaa209f51ee26bf013493483c1e6f4b037f5
SHA256

07a07a322896260a673c60a2e3e2feb7eb67165817f8f5a573badca9d38b262d
SHA512

0ec09dee0e13318ba83451b5a8772a3449bd7c68e1ab85322af578b9bc308e50e1622338db2d80aefb5a430a94e83331f415266df969ea31d4121035012b7121
SSDEEP

1536:M/hBBrgqX0znmj6Ii+ag1oRItrq78L6zHfk:yfBrgqXsnDVae7v

Score

10^/10

execution macro

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

47862b4a1ac4c7185661f98596d390c3_JaffaCakes118.doc

Resource

win7-20240419-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

47862b4a1ac4c7185661f98596d390c3_JaffaCakes118.doc

Resource

win10v2004-20240226-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://prproductions.com/7b9UkJ/

exe.dropper

https://fotofolly.com/bridal/O59Q/

exe.dropper

http://jpol.com/vkwfM/

exe.dropper

http://rodcastro.com/V0iuJG/

Targets

- Target
  
  47862b4a1ac4c7185661f98596d390c3_JaffaCakes118
- Size
  
  92KB
- MD5
  
  47862b4a1ac4c7185661f98596d390c3
- SHA1
  
  cd0ccaa209f51ee26bf013493483c1e6f4b037f5
- SHA256
  
  07a07a322896260a673c60a2e3e2feb7eb67165817f8f5a573badca9d38b262d
- SHA512
  
  0ec09dee0e13318ba83451b5a8772a3449bd7c68e1ab85322af578b9bc308e50e1622338db2d80aefb5a430a94e83331f415266df969ea31d4121035012b7121
- SSDEEP
  
  1536:M/hBBrgqX0znmj6Ii+ag1oRItrq78L6zHfk:yfBrgqXsnDVae7v
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy