c19dd05cf11f244d0b2189ff9b5075a190c1a64d8c65dd5f47a65e3bb8c2b869 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8

eed3b64b0c...18.doc

windows7-x64

eed3b64b0c...18.doc

windows10-2004-x64

Sharing

General

Target

eed3b64b0cecdaf53dc6b7897cc25a94_JaffaCakes118
Size

217KB
Sample

240921-b1vjksygra
MD5

eed3b64b0cecdaf53dc6b7897cc25a94
SHA1

9e329077f05351a315c6db0f86bd0df73d37fe6a
SHA256

c19dd05cf11f244d0b2189ff9b5075a190c1a64d8c65dd5f47a65e3bb8c2b869
SHA512

392b35e61e297f358ab6990d85b63cc89ad1267efa486d403a37129c32f1059610fbaf441fb3ba3f9e59598960b65fe77dfe66c2e909852deea6175826e9fc78
SSDEEP

1536:KB445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ5J+a9zRQ3n7fxdSoNRp:K22TWTogk079THcpOu5UZc3zBR5g6fB

Score

10^/10

discovery macro

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

eed3b64b0cecdaf53dc6b7897cc25a94_JaffaCakes118.doc

Resource

win7-20240903-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

eed3b64b0cecdaf53dc6b7897cc25a94_JaffaCakes118.doc

Resource

win10v2004-20240802-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://fulfillmententertainment.com/cgi-bin/jO/

exe.dropper

http://meadtimes.com/wp-content/VZrDrTw/

exe.dropper

http://pinturasydecoracionluis.com/wp-admin/fK3/

exe.dropper

http://oconsign.com/cgi-bin/koLViD/

exe.dropper

http://umapreowned.com/wp-admin/XF7RBbs/

exe.dropper

http://kitecorp.ca/wp-includes/kEI98N/

exe.dropper

http://moneyii.com/website/ddeoUDo/

Targets

- Target
  
  eed3b64b0cecdaf53dc6b7897cc25a94_JaffaCakes118
- Size
  
  217KB
- MD5
  
  eed3b64b0cecdaf53dc6b7897cc25a94
- SHA1
  
  9e329077f05351a315c6db0f86bd0df73d37fe6a
- SHA256
  
  c19dd05cf11f244d0b2189ff9b5075a190c1a64d8c65dd5f47a65e3bb8c2b869
- SHA512
  
  392b35e61e297f358ab6990d85b63cc89ad1267efa486d403a37129c32f1059610fbaf441fb3ba3f9e59598960b65fe77dfe66c2e909852deea6175826e9fc78
- SSDEEP
  
  1536:KB445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ5J+a9zRQ3n7fxdSoNRp:K22TWTogk079THcpOu5UZc3zBR5g6fB
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy