Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    144s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/08/2024, 05:45

General

  • Target

    99182162ec6fa6c4752150d37e3f8a7b_JaffaCakes118.doc

  • Size

    242KB

  • MD5

    99182162ec6fa6c4752150d37e3f8a7b

  • SHA1

    34443a18c9ed12b81f2d83c410d9b20135194c6e

  • SHA256

    dc200eaa002ca7c77b6a41874ed1905ab31095adab67e438dc0ba94810d9852d

  • SHA512

    c66823a06666c55b609b2e5a54b6b91d429084e10dc50f10a777c94f2cc9f84b71e085d7fe36fa16cbd654534c11a8c51bb6472be39f3b13d637d06c79119bcf

  • SSDEEP

    1536:Eterikw0HJzwlIiuq73/IKBPdbs0gj5HrTPjyaK/dRYt2tXOrBY81t7jReq5Lqc3:EOw0pklIiuq73/IKBds72dSOKb78WLOG

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\99182162ec6fa6c4752150d37e3f8a7b_JaffaCakes118.doc" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:5052
  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:5036

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

    Filesize

    471B

    MD5

    76cc24a11f49e96f41002c2356a77a48

    SHA1

    3068840a3364f8034b6ad3ca849a9215e4a9546a

    SHA256

    df50058d3ec403b30ace94fb0c61ae485fd1c99c3b4726a1affab76d9eebe7cb

    SHA512

    d6899eec84fd4f24cfd228786bcfa9a9cbdf9505b453c80c75b24599ca3ea91c203465ac14bd46731a7a1cc8664c83ab56f0f84116d4d6c1af4cbfb0945cbde9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

    Filesize

    420B

    MD5

    cbad01eb3378df56669b29fd64ba031b

    SHA1

    e05bafe857676b9a71fbf0edaf968ab4a81d8497

    SHA256

    29b244dc834ef2818847be487c082f8117354d474e31014125b7dc30367ac281

    SHA512

    54d0fa7806e5e3e5a57b43032a3e9734226b4f8bbd88348bbc7a2441e6830fb8702d1371dbfe9773e9cdb00348fe338c0c77cfb4e703ce5df587b8ad2b1b15ab

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\55A60111-086E-467A-8E5A-CEA7711A8C84

    Filesize

    170KB

    MD5

    1b9c9af344e0048c5d15a4ff9024afd4

    SHA1

    97fc4f690e052dc9511b119e1c58e1a0b00fc70b

    SHA256

    4bb1c49d34dbb8a36a318ee66bf25035010fe19f8589bd0986786e27284114b5

    SHA512

    bfb2384115c319c8b0dc26002989744a9d6a9499b831b8da73324ec53c4e5ea5bc2ecd46b3928b19d7d427326ae32b7e144dbcc62c956bae3474890a24dfb0a2

  • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

    Filesize

    2KB

    MD5

    e8621b5417489f6ac3996479da0579f3

    SHA1

    9ac5425a6bbaddbc8b8f9facaad37bcc7b6d69b4

    SHA256

    9e4c3b5a366d416bda16b63363b7ba113fd59a0755e512c217b93b2368918778

    SHA512

    ec0675b8ff210c8af2e9543fcf08d5c421ac1e03690087ca16a7932124bbce4f004ad2fb9fb4cf8b485c556c1ad90621f509bbfd965608f86479ee3b10e3b498

  • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres

    Filesize

    2KB

    MD5

    3147f9af49db556c4bbc544b2a81f825

    SHA1

    9279d333dcb5a37a3c639ae5a443016fa8859ffd

    SHA256

    8862e89ea6c13e6271cd9c0aaa47e6b8f81df26752ce056d6d1548c2cba259b3

    SHA512

    755e153442830aba996f00a8d2b9d45041be814c1558a5ce24337b63d3d2edecb9154f6bc23013805780c418ad417d431ccd2cfe24be3a2699beaebf98ed8847

  • C:\Users\Admin\AppData\Local\Temp\TCDCC1F.tmp\iso690.xsl

    Filesize

    263KB

    MD5

    ff0e07eff1333cdf9fc2523d323dd654

    SHA1

    77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

    SHA256

    3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

    SHA512

    b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

    Filesize

    3KB

    MD5

    7f0953ab1be9e1089ed3214a3ca39c47

    SHA1

    8b20223eedf5e72768ddbb1d7d37e69ad7d18b63

    SHA256

    6ebb6ad02775e7704fd4768cf0efef16ca09318e45d63554775a405ce77b4c5c

    SHA512

    04fa711c58bed7d472996574b27de161173a54ab6fbe3bfea79fefaee6ee4d6c4da62b6b4a76aa4aab6e32a65014635d1a261bffbc3f3f2f520cd4cbc61c69a4

  • memory/5052-8-0x00007FFDCD010000-0x00007FFDCD205000-memory.dmp

    Filesize

    2.0MB

  • memory/5052-4-0x00007FFD8D090000-0x00007FFD8D0A0000-memory.dmp

    Filesize

    64KB

  • memory/5052-13-0x00007FFDCD010000-0x00007FFDCD205000-memory.dmp

    Filesize

    2.0MB

  • memory/5052-12-0x00007FFDCD010000-0x00007FFDCD205000-memory.dmp

    Filesize

    2.0MB

  • memory/5052-11-0x00007FFDCD010000-0x00007FFDCD205000-memory.dmp

    Filesize

    2.0MB

  • memory/5052-10-0x00007FFDCD010000-0x00007FFDCD205000-memory.dmp

    Filesize

    2.0MB

  • memory/5052-9-0x00007FFDCD010000-0x00007FFDCD205000-memory.dmp

    Filesize

    2.0MB

  • memory/5052-0-0x00007FFDCD0AD000-0x00007FFDCD0AE000-memory.dmp

    Filesize

    4KB

  • memory/5052-7-0x00007FFD8D090000-0x00007FFD8D0A0000-memory.dmp

    Filesize

    64KB

  • memory/5052-16-0x00007FFD8A840000-0x00007FFD8A850000-memory.dmp

    Filesize

    64KB

  • memory/5052-14-0x00007FFDCD010000-0x00007FFDCD205000-memory.dmp

    Filesize

    2.0MB

  • memory/5052-15-0x00007FFD8A840000-0x00007FFD8A850000-memory.dmp

    Filesize

    64KB

  • memory/5052-164-0x00007FFDCD0AD000-0x00007FFDCD0AE000-memory.dmp

    Filesize

    4KB

  • memory/5052-165-0x00007FFDCD010000-0x00007FFDCD205000-memory.dmp

    Filesize

    2.0MB

  • memory/5052-166-0x00007FFDCD010000-0x00007FFDCD205000-memory.dmp

    Filesize

    2.0MB

  • memory/5052-167-0x00007FFDCD010000-0x00007FFDCD205000-memory.dmp

    Filesize

    2.0MB

  • memory/5052-220-0x00007FFDCD010000-0x00007FFDCD205000-memory.dmp

    Filesize

    2.0MB

  • memory/5052-5-0x00007FFDCD010000-0x00007FFDCD205000-memory.dmp

    Filesize

    2.0MB

  • memory/5052-6-0x00007FFDCD010000-0x00007FFDCD205000-memory.dmp

    Filesize

    2.0MB

  • memory/5052-2-0x00007FFD8D090000-0x00007FFD8D0A0000-memory.dmp

    Filesize

    64KB

  • memory/5052-3-0x00007FFD8D090000-0x00007FFD8D0A0000-memory.dmp

    Filesize

    64KB

  • memory/5052-1-0x00007FFD8D090000-0x00007FFD8D0A0000-memory.dmp

    Filesize

    64KB

  • memory/5052-722-0x00007FFDCD010000-0x00007FFDCD205000-memory.dmp

    Filesize

    2.0MB