Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8

778e36d466...18.doc

windows7-x64

10

778e36d466...18.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    778e36d4666cb974072baed674317ab2_JaffaCakes118

  • Size

    77KB

  • Sample

    240527-ch39facd9s

  • MD5

    778e36d4666cb974072baed674317ab2

  • SHA1

    02a82a2f3e193884c9f2a530ca6b777102939e98

  • SHA256

    b310420513b142dbff7001fb48a391591d97ffc1ed7564805c978fe60a971c51

  • SHA512

    089d9a5988459062a736e14446d536f46385437da2faffe00e651cfdcaae6b1579b1fcac25b1ffa1040adf955e0bc182e353e746cb4e773c80ba8355b32eda1b

  • SSDEEP

    1536:3nptJlmrJpmxlRw99NBq+axRc6MT4I6Dhl93tCX:Zte2dw99fHn8

Score
10/10
macromacro_on_action

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://tresillosmunoz.com/2HB
exe.dropper

http://tonyleme.com.br/8l3XcSKQ
exe.dropper

http://sg2i.com/wwG
exe.dropper

http://lunacine.com/CQ
exe.dropper

http://www.yuanjhua.com/OwUzt

Targets

    • Target

      778e36d4666cb974072baed674317ab2_JaffaCakes118

    • Size

      77KB

    • MD5

      778e36d4666cb974072baed674317ab2

    • SHA1

      02a82a2f3e193884c9f2a530ca6b777102939e98

    • SHA256

      b310420513b142dbff7001fb48a391591d97ffc1ed7564805c978fe60a971c51

    • SHA512

      089d9a5988459062a736e14446d536f46385437da2faffe00e651cfdcaae6b1579b1fcac25b1ffa1040adf955e0bc182e353e746cb4e773c80ba8355b32eda1b

    • SSDEEP

      1536:3nptJlmrJpmxlRw99NBq+axRc6MT4I6Dhl93tCX:Zte2dw99fHn8

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks