7d99a30ca8f89ca4ad64055e2ec39e67fb07639e03ebc773b6375b742a7f1162 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

fbcc5c125e...18.rtf

windows7-x64

fbcc5c125e...18.rtf

windows10-2004-x64

Sharing

General

Target

fbcc5c125e18019a5e6e536a47d5a1a8_JaffaCakes118
Size

750KB
Sample

240928-jcdj6atejj
MD5

fbcc5c125e18019a5e6e536a47d5a1a8
SHA1

8c3b235607fe39ee44accbec28887547adf33550
SHA256

7d99a30ca8f89ca4ad64055e2ec39e67fb07639e03ebc773b6375b742a7f1162
SHA512

23d2e97b1b11588818244a10e9084beb5df2c4eb99f1eab145d5118dc7eb817501557144bb1dfba0133eab6a5f4af73546dfc33aa50a4b53e600094fbd36a535
SSDEEP

12288:OuqyHuqyNuqy/uqySuqyKuqypuqyWuqymuqy/uqyzS:zqyOqyAqy2qyPqy3qykqyLqybqy2qyW

Score

10^/10

discovery execution

Static task

static1

Behavioral task

behavioral1

Sample

fbcc5c125e18019a5e6e536a47d5a1a8_JaffaCakes118.rtf

Resource

win7-20240903-en

discovery execution

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

fbcc5c125e18019a5e6e536a47d5a1a8_JaffaCakes118.rtf

Resource

win10v2004-20240910-en

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://panelonetwothree.ga/work/15.exe

Targets

- Target
  
  fbcc5c125e18019a5e6e536a47d5a1a8_JaffaCakes118
- Size
  
  750KB
- MD5
  
  fbcc5c125e18019a5e6e536a47d5a1a8
- SHA1
  
  8c3b235607fe39ee44accbec28887547adf33550
- SHA256
  
  7d99a30ca8f89ca4ad64055e2ec39e67fb07639e03ebc773b6375b742a7f1162
- SHA512
  
  23d2e97b1b11588818244a10e9084beb5df2c4eb99f1eab145d5118dc7eb817501557144bb1dfba0133eab6a5f4af73546dfc33aa50a4b53e600094fbd36a535
- SSDEEP
  
  12288:OuqyHuqyNuqy/uqySuqyKuqypuqyWuqymuqy/uqyzS:zqyOqyAqy2qyPqy3qykqyLqybqy2qyW
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

© 2018-2025

Terms | Privacy