25393c8989f2e612a34778fae3ed1d04b785d027ec9ffbb8c58d9c43e8fa4578 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

ef4e00d7e9...18.doc

windows7-x64

ef4e00d7e9...18.doc

windows10-2004-x64

Sharing

General

Target

ef4e00d7e912910b1184f73b6a860aa8_JaffaCakes118
Size

161KB
Sample

240921-h4dtka1amh
MD5

ef4e00d7e912910b1184f73b6a860aa8
SHA1

a99138b20c126c426df947786137a7cb1e795e9c
SHA256

25393c8989f2e612a34778fae3ed1d04b785d027ec9ffbb8c58d9c43e8fa4578
SHA512

ec13f6428a17cdac926dd6657e2bc44b902a54cf38257b145bd61a87ffa57c63d00d85c5e5e1536b54e01c06a091ddc92d38e86006744d4d93cce0df3884157a
SSDEEP

3072:+KNtK1zjRjJz22TWTogk079THcpOu5UZTdWJ3/t5AtmAD:+Ct+zjR9/TX07hHcJQwJvt5AtmAD

Score

10^/10

discovery

Static task

static1

Behavioral task

behavioral1

Sample

ef4e00d7e912910b1184f73b6a860aa8_JaffaCakes118.doc

Resource

win7-20240708-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

ef4e00d7e912910b1184f73b6a860aa8_JaffaCakes118.doc

Resource

win10v2004-20240802-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://khobormalda.com/wp-content/82/

exe.dropper

http://blog.zunapro.com/wp-admin/LEE/

exe.dropper

http://megasolucoesti.com/R9KDq0O8w/Y/

exe.dropper

https://online24h.biz/wp-admin/K/

exe.dropper

https://fepami.com/wp-includes/eaI/

exe.dropper

http://ora-ks.com/system/cache/w/

exe.dropper

http://padamagro.com/wp-admin/Nc/

Targets

- Target
  
  ef4e00d7e912910b1184f73b6a860aa8_JaffaCakes118
- Size
  
  161KB
- MD5
  
  ef4e00d7e912910b1184f73b6a860aa8
- SHA1
  
  a99138b20c126c426df947786137a7cb1e795e9c
- SHA256
  
  25393c8989f2e612a34778fae3ed1d04b785d027ec9ffbb8c58d9c43e8fa4578
- SHA512
  
  ec13f6428a17cdac926dd6657e2bc44b902a54cf38257b145bd61a87ffa57c63d00d85c5e5e1536b54e01c06a091ddc92d38e86006744d4d93cce0df3884157a
- SSDEEP
  
  3072:+KNtK1zjRjJz22TWTogk079THcpOu5UZTdWJ3/t5AtmAD:+Ct+zjR9/TX07hHcJQwJvt5AtmAD
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy