Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

2eecb4b1e6...18.doc

windows7-x64

4

2eecb4b1e6...18.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2024, 03:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2eecb4b1e651ec3ae926f9bbdbc35fad_JaffaCakes118.doc

  • Size

    60KB

  • MD5

    2eecb4b1e651ec3ae926f9bbdbc35fad

  • SHA1

    7025862436e08fb175587c467378e05d1c248e38

  • SHA256

    ba45df9f3a0400bbecd1e594e0aa5247b4cdd4941e9902d36a8f569844f40cbe

  • SHA512

    8ad9a3b4e48aee54305d4145ee6bb6a32c8d5db6253796ab4802cf2b91466539ba0e5902ca5c87fb6552da3e7085aa8ef0fcec59ecb3fff3407c8097ef476c6d

  • SSDEEP

    384:/7lOutAbggRgtsS/SQoVD2vyiOa/F1SlEX5LZhxQtP4XtXdJlrtOv65HtoWEoql2:5OuyUpLq4yiEnsddJ2ylEoaXa

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\2eecb4b1e651ec3ae926f9bbdbc35fad_JaffaCakes118.doc"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1604
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:1732

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      19KB

      MD5

      9218e073402dc3d1652f635988e9d3c7

      SHA1

      2ca6f6e9bb150a3921539109d99b2716084c4ef2

      SHA256

      ab678c3bc0a569ab2aa62cebdfadc8cbe0d47619e1698809e20bfe175d5ff23d

      SHA512

      59cb4c4dcb587ff11851366ec8452953c7b3029a08ee6f875fac8f887546651d27dd115141ab891011c035c2338a65ac4ad6ef7e9b470505b585b142fd67f010

      Download Submit

    • memory/1604-0-0x000000002F361000-0x000000002F362000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1604-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1604-2-0x0000000070BFD000-0x0000000070C08000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1604-5-0x0000000070BFD000-0x0000000070C08000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1604-20-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download