81e82ca86ebdac978dffeb26fbea7c54ce708b0346f465316234145f23d75372 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8

7d44686ad0...8.xlsm

windows7-x64

7d44686ad0...8.xlsm

windows10-2004-x64

Sharing

General

Target

7d44686ad010e6c6a56a9c1762667b7d_JaffaCakes118
Size

596KB
Sample

240528-rmh7dshh36
MD5

7d44686ad010e6c6a56a9c1762667b7d
SHA1

defcebe402ac31697d3c210f8396fc10b7556cf4
SHA256

81e82ca86ebdac978dffeb26fbea7c54ce708b0346f465316234145f23d75372
SHA512

573f7b05cb08e403ef52a3da5bfa6058f342b5f1bea750df3e3e65a8e271bfeb54520d6a7259fe953d3a40591e142bde69360721c77ec4eb2488f3779d22ea9a
SSDEEP

12288:ZLW+FnvexqD0SoENuJUDcrnGMOAiKe6EbMVLD:ZC+Fn2QDpuJUDcCMOAiEEsD

Score

10^/10

execution macro

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7d44686ad010e6c6a56a9c1762667b7d_JaffaCakes118.xlsm

Resource

win7-20240221-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

7d44686ad010e6c6a56a9c1762667b7d_JaffaCakes118.xlsm

Resource

win10v2004-20240426-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://mcma1.com/greatness.exe

Targets

- Target
  
  7d44686ad010e6c6a56a9c1762667b7d_JaffaCakes118
- Size
  
  596KB
- MD5
  
  7d44686ad010e6c6a56a9c1762667b7d
- SHA1
  
  defcebe402ac31697d3c210f8396fc10b7556cf4
- SHA256
  
  81e82ca86ebdac978dffeb26fbea7c54ce708b0346f465316234145f23d75372
- SHA512
  
  573f7b05cb08e403ef52a3da5bfa6058f342b5f1bea750df3e3e65a8e271bfeb54520d6a7259fe953d3a40591e142bde69360721c77ec4eb2488f3779d22ea9a
- SSDEEP
  
  12288:ZLW+FnvexqD0SoENuJUDcrnGMOAiKe6EbMVLD:ZC+Fn2QDpuJUDcCMOAiEEsD
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy