Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8

d544eb2d17...18.doc

windows7-x64

10

d544eb2d17...18.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d544eb2d174cf3065c457942e2087e78_JaffaCakes118

  • Size

    132KB

  • Sample

    240908-29gl7asgkg

  • MD5

    d544eb2d174cf3065c457942e2087e78

  • SHA1

    d9d9055b06fd5984da73ce9f1a0dcd4670898c8d

  • SHA256

    ac1799f9b3a672cdbf5d43c8a2d5c83c07069d2404e6a95c6e21a1abce0c3040

  • SHA512

    e8ca8f1c412c18eb0f60f11186aa99b162228c36de5f6fd007e54e8d71c7906708f9689da60fe1fc4f8f7a3caae3b666e6ebb840b8b37ba5afa83927debca860

  • SSDEEP

    1536:eVO81ooMDS034nC54nZrL4AkiuAMOkEEW/yEbzvad8/2GeUUt/YQJFm0DaqGq+aa:eM8GhDS0o9zTGOZD6EbzCd8/cplVDaqQ

Score
10/10
discoveryexecutionmacro

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://www.binsuloomgroup.com/wp-content/uploads/TyUg_qOsCOz4O_5uPw9YSbO
exe.dropper

http://bonnyprint.com/wp-content/PCT_0H8S_L9zVHlYSF
exe.dropper

http://ftp.spbv.org/worem_2o27v_d
exe.dropper

http://flowersgalleryevents.ayansaha.com/2Z4fO_YmAY_BqDF1wD
exe.dropper

https://anhle.art/t2ZZ_zOxsnfkSJ_ClUxs

Targets

    • Target

      d544eb2d174cf3065c457942e2087e78_JaffaCakes118

    • Size

      132KB

    • MD5

      d544eb2d174cf3065c457942e2087e78

    • SHA1

      d9d9055b06fd5984da73ce9f1a0dcd4670898c8d

    • SHA256

      ac1799f9b3a672cdbf5d43c8a2d5c83c07069d2404e6a95c6e21a1abce0c3040

    • SHA512

      e8ca8f1c412c18eb0f60f11186aa99b162228c36de5f6fd007e54e8d71c7906708f9689da60fe1fc4f8f7a3caae3b666e6ebb840b8b37ba5afa83927debca860

    • SSDEEP

      1536:eVO81ooMDS034nC54nZrL4AkiuAMOkEEW/yEbzvad8/2GeUUt/YQJFm0DaqGq+aa:eM8GhDS0o9zTGOZD6EbzCd8/cplVDaqQ

    Score
    10/10
    discoveryexecution

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks