Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8

852fc4978a...18.doc

windows7-x64

10

852fc4978a...18.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    852fc4978a99b4ecdd7516cf6e264def_JaffaCakes118

  • Size

    246KB

  • Sample

    240530-2t99kacg9t

  • MD5

    852fc4978a99b4ecdd7516cf6e264def

  • SHA1

    aa5367684c2128a303d2560a5bd07205edbe4400

  • SHA256

    4f0bb94fa14926b05d3da90d10792207ae3555da2b98044b62da97d42b603fe4

  • SHA512

    c1a590d6d251993bf67c255f1062fd379eee2712ae1e02204ad158230cada8f514d5e2e562bdb9a6ac2ee513853edead595ab6c44902a269997ac529056fd780

  • SSDEEP

    3072:WH9nBf4SuEjAhmAMOc7kkkko1rkGuF3tBInxGGq5AyXJm9YBmjDzelOP3l0zTq:WFVeEsjdXRC3jexGG63YWofzes3azTq

Score
10/10
macromacro_on_action

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://www.dinafiler.se/0mG1fU7ud/
exe.dropper

http://www.atfaexpo.vn/Messages-2018/f7fc54gDI/
exe.dropper

http://anantaawellness.com/TFLLjCZ/
exe.dropper

http://www.salmix.com.br/6k7mXEEF/
exe.dropper

http://www.geckochairs.com/H9gozcqlX/

Targets

    • Target

      852fc4978a99b4ecdd7516cf6e264def_JaffaCakes118

    • Size

      246KB

    • MD5

      852fc4978a99b4ecdd7516cf6e264def

    • SHA1

      aa5367684c2128a303d2560a5bd07205edbe4400

    • SHA256

      4f0bb94fa14926b05d3da90d10792207ae3555da2b98044b62da97d42b603fe4

    • SHA512

      c1a590d6d251993bf67c255f1062fd379eee2712ae1e02204ad158230cada8f514d5e2e562bdb9a6ac2ee513853edead595ab6c44902a269997ac529056fd780

    • SSDEEP

      3072:WH9nBf4SuEjAhmAMOc7kkkko1rkGuF3tBInxGGq5AyXJm9YBmjDzelOP3l0zTq:WFVeEsjdXRC3jexGG63YWofzes3azTq

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks