Analysis
- max time kernel: 122s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 08/07/2024, 20:26
Static task: static1

Behavioral task: behavioral1
- Sample: 2db1219113d2ccc606ad0f1d9142e3e7_JaffaCakes118.doc
- Resource: win7-20240705-en

Behavioral task: behavioral2
- Sample: 2db1219113d2ccc606ad0f1d9142e3e7_JaffaCakes118.doc
- Resource: win10v2004-20240704-en
General
- Target: 2db1219113d2ccc606ad0f1d9142e3e7_JaffaCakes118.doc
- Size: 31KB
- MD5: 2db1219113d2ccc606ad0f1d9142e3e7
- SHA1: c1d109b32ec1f41c8f147baea35b72e216ae8c3e
- SHA256: 4769113b8ce9ea6cf83aa877c3bd0c154e01de603818cff6caca153ee098d746
- SHA512: 748fc22bd15d4c22b8c3647c27ad0bf4a747936e6f07e9ca4e5ee2ed70b4a072dceeda217bee29d6680871fbb3820c3795c0bff1effb0da179c6b8586c545299
- SSDEEP: 192:9zr77KOwXJ/E/jp5/ZFUYkEPQQbx90HFyy8K/OGJgBcGzJs/uCifg6J:ZrP0XyxkqYyy8K/OGJGcSLfg8
Malware Config
Signatures
- Drops file in Windows directory (1 IoCs)
    description | ioc | Process
    File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | WINWORD.EXE
- Office loads VBA resources, possible macro or embedded object present
- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
    pid | Process
    1952 | WINWORD.EXE
- Suspicious use of SetWindowsHookEx (2 IoCs)
    pid | Process
    1952 | WINWORD.EXE
    1952 | WINWORD.EXE
- Suspicious use of WriteProcessMemory (4 IoCs)
    description | pid | Process | procid_target
    PID 1952 wrote to memory of 2756 | 1952 | WINWORD.EXE | 32
    PID 1952 wrote to memory of 2756 | 1952 | WINWORD.EXE | 32
    PID 1952 wrote to memory of 2756 | 1952 | WINWORD.EXE | 32
    PID 1952 wrote to memory of 2756 | 1952 | WINWORD.EXE | 32
Processes
- C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (PID: 1952)
    Command line: "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\2db1219113d2ccc606ad0f1d9142e3e7_JaffaCakes118.doc"
    - Drops file in Windows directory
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    Child process:
    - C:\Windows\splwow64.exe (PID: 2756)
        Command line: C:\Windows\splwow64.exe 12288
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 19KB
- MD5: 3f8b593cb6d0430729f36327677ff86f
- SHA1: c1fe476c1635cbec303b4caea09e6bba1ef9181b
- SHA256: eff647f49f7e3008608a6ace528f0255126686a1ca0baad84dc880493f5b4136
- SHA512: bed82c9b33a248a648034d1664939fe5a390c10115b300bc5a0ef016c30550525a9a58941a6e726a89a82145fc186f1d16b283b45b006da503ccddfd985982a0