Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8

bb1d741b3c...8.docm

windows7-x64

10

bb1d741b3c...8.docm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bb1d741b3cd16e1e95e46a9896bafee3_JaffaCakes118

  • Size

    40KB

  • Sample

    240823-k2177axgqq

  • MD5

    bb1d741b3cd16e1e95e46a9896bafee3

  • SHA1

    b713457ae790b72b2ddb59635856df29b5f78f06

  • SHA256

    ff4827dd05be0be2fa3bb4a421bcad69f2a42a40a4949f8bcb39f2dd49bb9e4c

  • SHA512

    7205cedd7ac05faad01a87797503aaa613505602356884d2a59a03fcf44f26e62cf3665166b00526d0119913c642a5d011520b8b46b88f2d8c59e721a861ba7d

  • SSDEEP

    768:docWKs/icV5i5rrpeVKCX/Yt7zMWI7z/0MAj/LK2pfNa0tqvT4Jv7si:CGsA7eVKCPKuUMAjDKONa0tqvT4Jv7T

Score
10/10
discoveryexecutionmacro

Malware Config

Targets

    • Target

      bb1d741b3cd16e1e95e46a9896bafee3_JaffaCakes118

    • Size

      40KB

    • MD5

      bb1d741b3cd16e1e95e46a9896bafee3

    • SHA1

      b713457ae790b72b2ddb59635856df29b5f78f06

    • SHA256

      ff4827dd05be0be2fa3bb4a421bcad69f2a42a40a4949f8bcb39f2dd49bb9e4c

    • SHA512

      7205cedd7ac05faad01a87797503aaa613505602356884d2a59a03fcf44f26e62cf3665166b00526d0119913c642a5d011520b8b46b88f2d8c59e721a861ba7d

    • SSDEEP

      768:docWKs/icV5i5rrpeVKCX/Yt7zMWI7z/0MAj/LK2pfNa0tqvT4Jv7si:CGsA7eVKCPKuUMAjDKONa0tqvT4Jv7T

    Score
    10/10
    discoveryexecution

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks