ca334a40d33507790776983aed820a0ea3d9e0fcddddd5024efd39e16cd7b4f6 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8

11b8ed7818...18.xls

windows7-x64

11b8ed7818...18.xls

windows10-2004-x64

6

Sharing

General

Target

11b8ed7818b874e5ee7a1d1694637023_JaffaCakes118
Size

132KB
Sample

241004-ee5dfashmk
MD5

11b8ed7818b874e5ee7a1d1694637023
SHA1

c0bad45eb3f7b222146283d9b846977f8575a88b
SHA256

ca334a40d33507790776983aed820a0ea3d9e0fcddddd5024efd39e16cd7b4f6
SHA512

34d9aef98867f984f0dbc81b4e5ed99f4be769c3484f5e6c07046884c5291aecb4555791153307741c5b69fb11b298508ddfd9952d976435a7fceca9a1b2f222
SSDEEP

3072:Z+Fi+VjV3lj/HeWVbrzQ7ITkD2TLjvaw5D8:j+VVRa2r

Score

10^/10

defense_evasion discovery macro xlm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

11b8ed7818b874e5ee7a1d1694637023_JaffaCakes118.xls

Resource

win7-20240708-en

defense_evasion discovery

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

11b8ed7818b874e5ee7a1d1694637023_JaffaCakes118.xls

Resource

win10v2004-20240802-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  11b8ed7818b874e5ee7a1d1694637023_JaffaCakes118
- Size
  
  132KB
- MD5
  
  11b8ed7818b874e5ee7a1d1694637023
- SHA1
  
  c0bad45eb3f7b222146283d9b846977f8575a88b
- SHA256
  
  ca334a40d33507790776983aed820a0ea3d9e0fcddddd5024efd39e16cd7b4f6
- SHA512
  
  34d9aef98867f984f0dbc81b4e5ed99f4be769c3484f5e6c07046884c5291aecb4555791153307741c5b69fb11b298508ddfd9952d976435a7fceca9a1b2f222
- SSDEEP
  
  3072:Z+Fi+VjV3lj/HeWVbrzQ7ITkD2TLjvaw5D8:j+VVRa2r
Score

10^/10

defense_evasion discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

© 2018-2025

Terms | Privacy