Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

2db1219113...18.doc

windows7-x64

4

2db1219113...18.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    08/07/2024, 20:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2db1219113d2ccc606ad0f1d9142e3e7_JaffaCakes118.doc

  • Size

    31KB

  • MD5

    2db1219113d2ccc606ad0f1d9142e3e7

  • SHA1

    c1d109b32ec1f41c8f147baea35b72e216ae8c3e

  • SHA256

    4769113b8ce9ea6cf83aa877c3bd0c154e01de603818cff6caca153ee098d746

  • SHA512

    748fc22bd15d4c22b8c3647c27ad0bf4a747936e6f07e9ca4e5ee2ed70b4a072dceeda217bee29d6680871fbb3820c3795c0bff1effb0da179c6b8586c545299

  • SSDEEP

    192:9zr77KOwXJ/E/jp5/ZFUYkEPQQbx90HFyy8K/OGJgBcGzJs/uCifg6J:ZrP0XyxkqYyy8K/OGJGcSLfg8

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\2db1219113d2ccc606ad0f1d9142e3e7_JaffaCakes118.doc"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2756

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      19KB

      MD5

      3f8b593cb6d0430729f36327677ff86f

      SHA1

      c1fe476c1635cbec303b4caea09e6bba1ef9181b

      SHA256

      eff647f49f7e3008608a6ace528f0255126686a1ca0baad84dc880493f5b4136

      SHA512

      bed82c9b33a248a648034d1664939fe5a390c10115b300bc5a0ef016c30550525a9a58941a6e726a89a82145fc186f1d16b283b45b006da503ccddfd985982a0

      Download Submit

    • memory/1952-0-0x000000002FEF1000-0x000000002FEF2000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1952-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1952-2-0x000000007379D000-0x00000000737A8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1952-5-0x000000007379D000-0x00000000737A8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1952-20-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download