Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8

b04cb8c751...18.doc

windows7-x64

10

b04cb8c751...18.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b04cb8c75132e7b7f124a9c37d6d941d_JaffaCakes118

  • Size

    324KB

  • Sample

    240615-1vfwnswcqg

  • MD5

    b04cb8c75132e7b7f124a9c37d6d941d

  • SHA1

    ed54bfba16dc2daf227cf6be8a951faef2e7552d

  • SHA256

    c6f1277b0484041ffff4e2a826a725a38aedcb7bfb55e2bc3c2b7ab47d0b29fd

  • SHA512

    fc0f2d875f954460e0ceba97521608d7627579d91b81d4e4ddbb9e6d580e0abbca3157148d64bcae0bd9bc8fcac799648b2e2b4bd314f9f355cfebe44a9d8edc

  • SSDEEP

    6144:SG5/BnVfRFJ7KK9aHScdX9znGU+1W2+JkZzZAeRs24C+44NEXvpSTYF6ik:S2n9R/lA5dX9znGU+1Wct/4x44NEB7Fg

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://159.89.153.180/jbgdP2PAlac
exe.dropper

http://ketanggungan.desabrebes.id/PYDKI4f4dEx
exe.dropper

http://gando24.com/akACCpMfqwHCN
exe.dropper

http://laylalanemusic.com/ZYn33EV8HB3mN_I8xn
exe.dropper

http://35.244.2.82/1sqwnVupMcFHi

Targets

    • Target

      b04cb8c75132e7b7f124a9c37d6d941d_JaffaCakes118

    • Size

      324KB

    • MD5

      b04cb8c75132e7b7f124a9c37d6d941d

    • SHA1

      ed54bfba16dc2daf227cf6be8a951faef2e7552d

    • SHA256

      c6f1277b0484041ffff4e2a826a725a38aedcb7bfb55e2bc3c2b7ab47d0b29fd

    • SHA512

      fc0f2d875f954460e0ceba97521608d7627579d91b81d4e4ddbb9e6d580e0abbca3157148d64bcae0bd9bc8fcac799648b2e2b4bd314f9f355cfebe44a9d8edc

    • SSDEEP

      6144:SG5/BnVfRFJ7KK9aHScdX9znGU+1W2+JkZzZAeRs24C+44NEXvpSTYF6ik:S2n9R/lA5dX9znGU+1Wct/4x44NEB7Fg

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks