Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/07/2024, 07:36

General

  • Target

    13f20e9d4b552601d7a88a803d857af3_JaffaCakes118.doc

  • Size

    45KB

  • MD5

    13f20e9d4b552601d7a88a803d857af3

  • SHA1

    feb110ac2d91d4a53d719a6aba208997be9e8325

  • SHA256

    33c5875098aa892827dfc86e762bc5c8d45fc7c9262865aac60ff64b8c06a135

  • SHA512

    723b053e0ed90930a18317095c16ef35f3691a2feda5d753403809797a31f4f7427276218bb0fe0914018bdfcf71d8da6ad65eaf64fcbb80a6a09299b37189a8

  • SSDEEP

    384:yMO2hfW732RenLOmWq5ve8NcOoHgugzZ2uKDUdfB8Bp4zmkc5L0Xf1ec9:yR2hfU3ygOmWq5vPqguuouApxwt

Score
4/10

Signatures

  • Drops file in Windows directory 2 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\13f20e9d4b552601d7a88a803d857af3_JaffaCakes118.doc"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1792
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:1892
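
The signatures above are mostly Word's own behaviour on any document open: WriteProcessMemory, SetWindowsHookEx and AddClipboardFormatListener are APIs WINWORD.EXE uses itself, the Internet Explorer and registry class writes are commonly seen when an Office application touches its per-user settings, and the only child process is splwow64.exe, the 32-bit print-driver host that 64-bit Windows starts for a 32-bit Office build. That leaves "Office loads VBA resources" as the one indicator worth confirming, and the confirmation is static: does the CFB container actually hold a Macros/VBA storage? The Python below is an added example, not code from Triage or from the sample; it walks a CFB directory tree with the standard library only and, because the sample itself is not reproduced here, exercises the parser on a constructed in-memory document.

```python
"""Minimal OLE2 / Compound File Binary (CFB) directory walker (added example).

Static counterpart to Triage's "Office loads VBA resources" signature: a Word 97-2003 .doc
keeps macros in a "Macros" storage holding a "VBA" storage ("_VBA_PROJECT", "dir", one
stream per module).  Walking the directory tree shows whether that storage exists without
opening the file in Word.  Standard library only; the test document is built in memory."""
import struct

CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ENDOFCHAIN, FATSECT, FREESECT, NOSTREAM = 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF
STGTY_STORAGE, STGTY_STREAM, STGTY_ROOT = 1, 2, 5

def is_cfb(data):
    # A .doc extension proves nothing: RTF or OOXML renamed to .doc is common, so check the magic.
    return data[:8] == CFB_MAGIC

def _sector(data, sector_size, n):
    # Sector n lives at (n + 1) * sector_size: the 512-byte header occupies the slot before sector 0.
    return data[(n + 1) * sector_size:(n + 2) * sector_size]

def _read_fat(data, sector_size, num_fat):
    # Only the 109 DIFAT slots in the header are followed (files below ~7 MB): enough for triage.
    fat = []
    for sec in struct.unpack_from("<109I", data, 76)[:num_fat]:
        fat.extend(struct.unpack("<%dI" % (sector_size // 4), _sector(data, sector_size, sec)))
    return fat

def _chain(fat, start):
    chain, s = [], start
    while s != ENDOFCHAIN and s < len(fat) and len(chain) <= len(fat):  # bounded: a looped FAT cannot hang us
        chain.append(s)
        s = fat[s]
    return chain

def parse_directory(data):
    """Return the used directory entries keyed by stream id (their index in the directory)."""
    if not is_cfb(data):
        raise ValueError("not a CFB/OLE2 container")
    sector_size = 1 << struct.unpack_from("<H", data, 30)[0]
    num_fat, first_dir = struct.unpack_from("<II", data, 44)
    fat, entries = _read_fat(data, sector_size, num_fat), {}
    for k, sec in enumerate(_chain(fat, first_dir)):
        raw = _sector(data, sector_size, sec)
        for i in range(0, len(raw), 128):
            e = raw[i:i + 128]
            name_len, typ = struct.unpack_from("<HB", e, 64)
            if typ == 0 or name_len < 2:
                continue  # unused slot
            left, right, child = struct.unpack_from("<III", e, 68)
            entries[k * (sector_size // 128) + i // 128] = {
                "name": e[:name_len - 2].decode("utf-16-le"),  # name_len counts the UTF-16 NUL
                "type": typ, "left": left, "right": right, "child": child}
    return entries

def list_paths(entries):
    """Flatten each storage's red-black sibling tree into 'Macros/VBA/dir'-style paths."""
    paths, seen = [], set()
    def visit(idx, prefix):
        if idx == NOSTREAM or idx not in entries or idx in seen:
            return
        seen.add(idx)
        e, path = entries[idx], prefix + entries[idx]["name"]
        paths.append((path, e["type"]))
        if e["type"] == STGTY_STORAGE:
            visit(e["child"], path + "/")
        visit(e["left"], prefix)
        visit(e["right"], prefix)
    visit(entries[0]["child"], "")
    return paths

def has_vba_project(paths):
    """True for a VBA storage (Word: Macros/VBA, Excel: _VBA_PROJECT_CUR/VBA) or a _VBA_PROJECT stream."""
    for path, typ in paths:
        leaf = path.rsplit("/", 1)[-1].lower()
        if (typ == STGTY_STORAGE and leaf == "vba") or (typ == STGTY_STREAM and leaf == "_vba_project"):
            return True
    return False

def _dir_entry(name, typ, left=NOSTREAM, right=NOSTREAM, child=NOSTREAM):
    e, encoded = bytearray(128), (name + "\0").encode("utf-16-le")
    e[:len(encoded)] = encoded
    struct.pack_into("<HBB", e, 64, len(encoded), typ, 1)  # name length incl. NUL, type, colour=black
    struct.pack_into("<III", e, 68, left, right, child)
    struct.pack_into("<IQ", e, 116, ENDOFCHAIN, 0)         # zero-length stream: no sector chain
    return bytes(e)

def build_sample_doc(with_macros=True):
    """Constructed fixture (not the report's sample): a 2 KB v3 CFB, optionally with Macros/VBA/_VBA_PROJECT."""
    header = bytearray(512)
    header[:8] = CFB_MAGIC
    struct.pack_into("<HHHHH", header, 24, 0x3E, 3, 0xFFFE, 9, 6)  # v3, little endian, 512-byte sectors
    struct.pack_into("<9I", header, 40, 0, 1, 1, 0, 0x1000, ENDOFCHAIN, 0, ENDOFCHAIN, 0)  # 1 FAT sector, dir at sector 1
    struct.pack_into("<109I", header, 76, 0, *([FREESECT] * 108))  # DIFAT: the FAT is sector 0
    fat = struct.pack("<128I", FATSECT, 2, ENDOFCHAIN, *([FREESECT] * 125))  # directory chain 1 -> 2
    entries = [_dir_entry("Root Entry", STGTY_ROOT, child=2 if with_macros else 1),
               _dir_entry("WordDocument", STGTY_STREAM)]
    if with_macros:
        entries += [_dir_entry("Macros", STGTY_STORAGE, left=1, child=3),
                    _dir_entry("VBA", STGTY_STORAGE, child=4),
                    _dir_entry("_VBA_PROJECT", STGTY_STREAM)]
    return bytes(header) + fat + b"".join(entries).ljust(1024, b"\0")  # two directory sectors
```

On a real sample, pass `open(path, "rb").read()` to `parse_directory`. Finding the storage is only the first step: module source is stored MS-OVBA-compressed, so read the actual code with oletools' olevba (or an equivalent decompressor), and a file that fails `is_cfb` despite the .doc name deserves a second look as RTF or OOXML.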

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\VB2675.tmp
    Filesize: 4KB
    MD5: a11d601e2078d851b0b218222e869cfb
    SHA1: 6df919cf12a01c863616caf206ebdbfba4c3a6b7
    SHA256: 92664891ef16e805cd94d7c6d2e143dc01d89cdd18d831c6a07ee062369f1923
    SHA512: 3953e6b14f09797e610aab39bd087c6d6e754ab933edafec0fbf111a599434155de187c317ee0fb4a25de6d5c6761804b1a420b7c98cd90bbed00052953115cd

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
    Filesize: 27KB
    MD5: eee136a4be1a69c1dfd25772b9a3c38f
    SHA1: 843c825c2d559acd889b65296eef07a38bf464aa
    SHA256: f8c67d4639fa4154ce979b6584d177817d6832b9ada678c17174f94fe7e5e617
    SHA512: cd0c7824ec9cadb3f89bbd6d2c8e6bde789738bea73c5f86451b670649ac8e438ff423c595c045b71257d9d2daa0f45434721d244b20f789c18536a937bba563

  Memory dumps (PID 1792, ordered by snapshot index; name format memory/<pid>-<snapshot>-<start>-<end>-memory.dmp):

  • memory/1792-0-0x000000002FAC1000-0x000000002FAC2000-memory.dmp (Filesize 4KB)
  • memory/1792-1-0x000000005FFF0000-0x0000000060000000-memory.dmp (Filesize 64KB)
  • memory/1792-2-0x000000007122D000-0x0000000071238000-memory.dmp (Filesize 44KB)
  • memory/1792-6-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-7-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-8-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-9-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-10-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-11-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-12-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-13-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-14-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-15-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-16-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-17-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-18-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-19-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-20-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-21-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-39-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-53-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-67-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-68-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-78-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-92-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-95-0x000000007122D000-0x0000000071238000-memory.dmp (Filesize 44KB)
  • memory/1792-96-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
  • memory/1792-133-0x0000000000510000-0x0000000000610000-memory.dmp (Filesize 1024KB)
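
The listing above holds 28 memory dumps for PID 1792 but, read by address range, only a handful of distinct mappings captured at different snapshot indices. The script below is an added example, not part of the Triage report; it parses Triage's dump naming scheme with the standard library, groups the names reproduced from this page by region, and recomputes each region's size from its address range so the reported file sizes can be cross-checked.

```python
"""Collapse Triage's per-snapshot memory dumps into distinct regions (added example).

Triage names each dump 'memory/<pid>-<snapshot>-<start>-<end>-memory.dmp' and re-dumps
the same mapping at many points during the run, so a long listing can describe very few
regions.  Grouping by (pid, start, end) gives the set worth fetching and lets the stated
file sizes be recomputed from the address range.  Standard library only."""
import re
from collections import defaultdict

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<snap>\d+)-0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)

# Input: the 28 dump names from the Downloads list above (PID 1792, WINWORD.EXE).
PAGE_DUMPS = (
    [f"memory/1792-{n}-0x0000000000510000-0x0000000000610000-memory.dmp"
     for n in (6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21,
               39, 53, 67, 68, 78, 92, 96, 133)]
    + ["memory/1792-0-0x000000002FAC1000-0x000000002FAC2000-memory.dmp",
       "memory/1792-1-0x000000005FFF0000-0x0000000060000000-memory.dmp",
       "memory/1792-2-0x000000007122D000-0x0000000071238000-memory.dmp",
       "memory/1792-95-0x000000007122D000-0x0000000071238000-memory.dmp"]
)


def parse_dump_name(name):
    """Return (pid, snapshot, start, end) or None if the name is not a Triage memory dump."""
    m = DUMP_RE.match(name)
    if not m:
        return None
    return (int(m["pid"]), int(m["snap"]), int(m["start"], 16), int(m["end"], 16))


def region_size_kb(start, end):
    """Size of the half-open [start, end) mapping in KiB, the unit Triage prints as 'KB'."""
    if end <= start or (end - start) % 0x1000:
        raise ValueError("region must be a positive, page-aligned span")
    return (end - start) // 1024


def group_regions(names):
    """Map (pid, start, end) -> sorted snapshot indices at which that region was dumped."""
    regions = defaultdict(list)
    for name in names:
        parsed = parse_dump_name(name)
        if parsed is None:
            continue  # not a memory dump (e.g. a dropped file): skip it
        pid, snap, start, end = parsed
        regions[(pid, start, end)].append(snap)
    return {key: sorted(snaps) for key, snaps in regions.items()}


def summarize(names):
    """One row per distinct region, lowest address first:
    (pid, start, end, size_kb, dump_count, first_snapshot, last_snapshot)."""
    rows = []
    for (pid, start, end), snaps in sorted(group_regions(names).items()):
        rows.append((pid, start, end, region_size_kb(start, end), len(snaps), snaps[0], snaps[-1]))
    return rows


if __name__ == "__main__":
    for pid, start, end, kb, count, first, last in summarize(PAGE_DUMPS):
        print(f"pid {pid}  0x{start:016X}-0x{end:016X}  {kb:5d} KB  dumped {count:2d}x (snapshots {first}-{last})")
```

Run on the names above, this yields four regions: 0x510000-0x610000 (1024KB, dumped 24 times between snapshots 6 and 133), 0x2FAC1000-0x2FAC2000 (4KB, once), 0x5FFF0000-0x60000000 (64KB, once) and 0x7122D000-0x71238000 (44KB, twice), each matching the size Triage reports. Which modules or heaps back those mappings is not something the report states, so the script does not guess.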