0d8ad63d513a9b6f03056a3134b3c258610771388215e2c5e7b08233bf2b1ad6 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8

db1dda0772...18.doc

windows7-x64

db1dda0772...18.doc

windows10-2004-x64

6

Sharing

General

Target

db1dda0772c81f143e71e55da4564d95_JaffaCakes118
Size

109KB
Sample

240911-ynvedazgkb
MD5

db1dda0772c81f143e71e55da4564d95
SHA1

7217dd2c9da7dd0129fefaecd65a98561a3c4010
SHA256

0d8ad63d513a9b6f03056a3134b3c258610771388215e2c5e7b08233bf2b1ad6
SHA512

ba1f07d19e025ab42187af56f04e0b7d7dcfe74d805ded5a725acb1f4b7277ed8e791704e6876b51e6aecc9b80181c89d8e363ec898c76f45eaf2818017e571d
SSDEEP

768:p3th9csVk6tWdmUx7mOUPwAy91LSi4TSUaThfFlNGD0xz99EQ:p3pZkscv7mvPw5qi4TSlThDNGD03C

Score

10^/10

discovery dropper macro macro_on_action

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

db1dda0772c81f143e71e55da4564d95_JaffaCakes118.doc

Resource

win7-20240729-en

discovery dropper

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

db1dda0772c81f143e71e55da4564d95_JaffaCakes118.doc

Resource

win10v2004-20240802-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  db1dda0772c81f143e71e55da4564d95_JaffaCakes118
- Size
  
  109KB
- MD5
  
  db1dda0772c81f143e71e55da4564d95
- SHA1
  
  7217dd2c9da7dd0129fefaecd65a98561a3c4010
- SHA256
  
  0d8ad63d513a9b6f03056a3134b3c258610771388215e2c5e7b08233bf2b1ad6
- SHA512
  
  ba1f07d19e025ab42187af56f04e0b7d7dcfe74d805ded5a725acb1f4b7277ed8e791704e6876b51e6aecc9b80181c89d8e363ec898c76f45eaf2818017e571d
- SSDEEP
  
  768:p3th9csVk6tWdmUx7mOUPwAy91LSi4TSUaThfFlNGD0xz99EQ:p3pZkscv7mvPw5qi4TSlThDNGD03C
Score

10^/10

discovery dropper
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Download via BitsAdmin
  dropper
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

BITS Jobs

Privilege Escalation

Defense Evasion

BITS Jobs

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

discoverydropper

behavioral2

© 2018-2025

Terms | Privacy