General
Target: 16fb192508fa330cafdcfa5d1a23b0fb_JaffaCakes118
Size: 164KB
Sample: 240505-k691wsgf75
MD5: 16fb192508fa330cafdcfa5d1a23b0fb
SHA1: 7f38d60f95f0b7428374477921c0722674a80e0c
SHA256: 496ea95f7dd559363ca3b949aaaf3c4f291fe0c2fdb2eb85e8ec581df270e46b
SHA512: 9e824d9fdf38f8eec2c27b55a71a9490b469638c69e9a95661cf99a4977f652a1f0c029f4a13e7369d7d408854ac0cb5c27d2b9d427b6cd8928e27d69adabeae
SSDEEP: 1536:VAhXAhordi1Ir77zOH98Wj2gpngN+a9Zay9y0J6f264N+s:mrfrzOH98ipgLPJ6fQ+s
Behavioral task: behavioral1
Sample: 16fb192508fa330cafdcfa5d1a23b0fb_JaffaCakes118.doc
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 16fb192508fa330cafdcfa5d1a23b0fb_JaffaCakes118.doc
Resource: win10v2004-20240419-en
Malware Config
Extracted
Targets
Target
16fb192508fa330cafdcfa5d1a23b0fb_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory