1ce10d907f4929d568a03b5336386ce51b7bb4cb3d4814bca951bdcbb11a0930 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

b1a74aca86...18.doc

windows7-x64

b1a74aca86...18.doc

windows10-2004-x64

6

Sharing

General

Target

b1a74aca86a21a5749a400fcdf10ab6c_JaffaCakes118
Size

176KB
Sample

240821-b1ne9stemb
MD5

b1a74aca86a21a5749a400fcdf10ab6c
SHA1

ff151c98ba0331c83f98c1bb2788255a4f0d803d
SHA256

1ce10d907f4929d568a03b5336386ce51b7bb4cb3d4814bca951bdcbb11a0930
SHA512

74a0b133f79f9db0766179d21e2886a500477ba89a25dad81c1c3dd50efba6147cbb7a54df5b34bd908128ab7aaafe5079cf834c89608196d07b4aad41f8a534
SSDEEP

3072:UUqJ1NgsA8k/gvh0NZ0lGX1nZ7hZ7Q8eK8:UBtgVIveNZvnF88x8

Score

10^/10

discovery

Static task

static1

Behavioral task

behavioral1

Sample

b1a74aca86a21a5749a400fcdf10ab6c_JaffaCakes118.doc

Resource

win7-20240705-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

b1a74aca86a21a5749a400fcdf10ab6c_JaffaCakes118.doc

Resource

win10v2004-20240802-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://babyshop.webdungsan.com/wp-admin/n/

exe.dropper

http://nguyenlieuphachehanoi.com/wp-admin/kL/

exe.dropper

http://notesever.com/cgi-bin/Cfs/

exe.dropper

http://superbetprediction.com/js/Qo/

exe.dropper

http://pattanitkpark.com/gipe2h/iqt/

exe.dropper

http://www.xxdaytoy.top/wp-content/E/

exe.dropper

http://huaibangchina.com/kic3kc/c/

Targets

- Target
  
  b1a74aca86a21a5749a400fcdf10ab6c_JaffaCakes118
- Size
  
  176KB
- MD5
  
  b1a74aca86a21a5749a400fcdf10ab6c
- SHA1
  
  ff151c98ba0331c83f98c1bb2788255a4f0d803d
- SHA256
  
  1ce10d907f4929d568a03b5336386ce51b7bb4cb3d4814bca951bdcbb11a0930
- SHA512
  
  74a0b133f79f9db0766179d21e2886a500477ba89a25dad81c1c3dd50efba6147cbb7a54df5b34bd908128ab7aaafe5079cf834c89608196d07b4aad41f8a534
- SSDEEP
  
  3072:UUqJ1NgsA8k/gvh0NZ0lGX1nZ7hZ7Q8eK8:UBtgVIveNZvnF88x8
Score

10^/10

discovery
- Blocklisted process makes network request
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy