General
Target: 0fe8024219742a269712cfa35bcf3902_JaffaCakes118
Size: 182KB
Sample: 240503-hjcqrshc9y
MD5: 0fe8024219742a269712cfa35bcf3902
SHA1: ad2a753062358ece641c1449c65a6fa49e68e5d2
SHA256: 2caf05fb34bd7d621953ca25eb813c6ed8bcbda224727f82e072e3417ab2fa65
SHA512: 915c6745fa0bd520784c472612b51056ab8ca6a0e9c134f5a23ebd12f89c31ce645d21e0019ce4043ea5b53a5bf7880430c5383b77627186aa173246b50e9bf2
SSDEEP: 3072:9Ny2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUzasiv8Ok7X:9Ny2k4PF7tGiL3HJk9rD7bzasiv8RD
Behavioral task: behavioral1
Sample: 0fe8024219742a269712cfa35bcf3902_JaffaCakes118.doc
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 0fe8024219742a269712cfa35bcf3902_JaffaCakes118.doc
Resource: win10v2004-20240419-en
Malware Config
Extracted
http://diwafashions.com/wp-admin/mqau6/
http://designers.hotcom-web.com/ubkskw29clek/qnpm1p/
http://dixartcontractors.com/cgi-bin/nnuv/
http://diaspotv.info/wordpress/G/
http://easyvisaoverseas.com/cgi-bin/v/
Targets
Target: 0fe8024219742a269712cfa35bcf3902_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory