General
Target
16ea5d66df1706dee374737e0af072ba_JaffaCakes118
Size
172KB
Sample
240505-kveqlsch6x
MD5
16ea5d66df1706dee374737e0af072ba
SHA1
8bb0e715e57ead75d33265a28329b4adb693dd7f
SHA256
a162bffd2c7937b14cbc56696db2b2a7a964b9998e204c32edaa94c4de1cddc1
SHA512
a5af0e7d61d37f672223e9dcccc2abd536dd67256f5ba624846ce89439ab21d00c9980c816a68ba1894f5b57fa56370776116d3ca87bde52e200097ab31ac938
SSDEEP
1536:erdi1Ir77zOH98Wj2gpngR+a9LpxO8nq78ct2PU7MXKSSxH5pcKaJn57y2t:erfrzOH98ipgekB57V
Behavioral task
behavioral1
Sample
16ea5d66df1706dee374737e0af072ba_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
16ea5d66df1706dee374737e0af072ba_JaffaCakes118.doc
Resource
win10v2004-20240419-en
Malware Config
Extracted
Targets
Target
16ea5d66df1706dee374737e0af072ba_JaffaCakes118
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory