Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8

7623f0cc18...18.doc

windows7-x64

10

7623f0cc18...18.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7623f0cc18f557e80a9f934fab0f2223_JaffaCakes118

  • Size

    311KB

  • Sample

    240526-vbss8sdh78

  • MD5

    7623f0cc18f557e80a9f934fab0f2223

  • SHA1

    65d5404df155aa0751fc7dc9ff1ce9490d72e928

  • SHA256

    5d60ff40f922e9d528ac267a9751891267e6d2bdee390e9f48fb2126fd5f01a8

  • SHA512

    c480832d2982c6b81bc111c2667339756fecfb18fc7e09c6be22c56988d1914340d675f97473292bef5bc02133a26b44dccb55ccaeea8dd9ba59c03a8a037668

  • SSDEEP

    6144:dG5/BnVfRFJ7KK9aHScdX9znGUS7Hy7OziB2KiAcD4/:d2n9R/lA5dX9znGUuGbULAC4/

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://balooteabi.com/11FwasoQDp6Byb
exe.dropper

http://bignorthbarbell.com/75AixBQLQ8_DbrdTc
exe.dropper

http://ortotomsk.ru/XmaxodB
exe.dropper

http://bietthunghiduong24h.info/fxTYTjQ4B_X5
exe.dropper

http://91.239.233.236/eRR8zYJVDDEXiR

Targets

    • Target

      7623f0cc18f557e80a9f934fab0f2223_JaffaCakes118

    • Size

      311KB

    • MD5

      7623f0cc18f557e80a9f934fab0f2223

    • SHA1

      65d5404df155aa0751fc7dc9ff1ce9490d72e928

    • SHA256

      5d60ff40f922e9d528ac267a9751891267e6d2bdee390e9f48fb2126fd5f01a8

    • SHA512

      c480832d2982c6b81bc111c2667339756fecfb18fc7e09c6be22c56988d1914340d675f97473292bef5bc02133a26b44dccb55ccaeea8dd9ba59c03a8a037668

    • SSDEEP

      6144:dG5/BnVfRFJ7KK9aHScdX9znGUS7Hy7OziB2KiAcD4/:d2n9R/lA5dX9znGUuGbULAC4/

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks