355499f144efa41f21d80a9c65951bc118d0198a598fbe5c252c1fe5e64cde9a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

a4a09a30b1...18.doc

windows7-x64

a4a09a30b1...18.doc

windows10-2004-x64

Sharing

General

Target

a4a09a30b1a8ed03d56a45dc17e3ed95_JaffaCakes118
Size

174KB
Sample

240818-aecwzaxcpn
MD5

a4a09a30b1a8ed03d56a45dc17e3ed95
SHA1

41c2ee288189424ee7d5ef6cee7e0d26cdd2229b
SHA256

355499f144efa41f21d80a9c65951bc118d0198a598fbe5c252c1fe5e64cde9a
SHA512

023abdc077c57051180f9ef76462ef12c9e5c8d7737955e175b0507ee6d695a1e53cfc599c8d92427332ca757402f34ab910c54d05adfbb8d96a1c8d24e65f10
SSDEEP

3072:UUqJ1NgsA8k/gvh0NZ0lGX1nZ7hH7Q8eK0:UBtgVIveNZvn788x0

Score

10^/10

discovery

Static task

static1

Behavioral task

behavioral1

Sample

a4a09a30b1a8ed03d56a45dc17e3ed95_JaffaCakes118.doc

Resource

win7-20240729-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

a4a09a30b1a8ed03d56a45dc17e3ed95_JaffaCakes118.doc

Resource

win10v2004-20240802-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://babyshop.webdungsan.com/wp-admin/n/

exe.dropper

http://nguyenlieuphachehanoi.com/wp-admin/kL/

exe.dropper

http://notesever.com/cgi-bin/Cfs/

exe.dropper

http://superbetprediction.com/js/Qo/

exe.dropper

http://pattanitkpark.com/gipe2h/iqt/

exe.dropper

http://www.xxdaytoy.top/wp-content/E/

exe.dropper

http://huaibangchina.com/kic3kc/c/

Targets

- Target
  
  a4a09a30b1a8ed03d56a45dc17e3ed95_JaffaCakes118
- Size
  
  174KB
- MD5
  
  a4a09a30b1a8ed03d56a45dc17e3ed95
- SHA1
  
  41c2ee288189424ee7d5ef6cee7e0d26cdd2229b
- SHA256
  
  355499f144efa41f21d80a9c65951bc118d0198a598fbe5c252c1fe5e64cde9a
- SHA512
  
  023abdc077c57051180f9ef76462ef12c9e5c8d7737955e175b0507ee6d695a1e53cfc599c8d92427332ca757402f34ab910c54d05adfbb8d96a1c8d24e65f10
- SSDEEP
  
  3072:UUqJ1NgsA8k/gvh0NZ0lGX1nZ7hH7Q8eK0:UBtgVIveNZvn788x0
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy