General
-
Target
24cecf78cc9e295d308dc40cd4bfdb7e_JaffaCakes118
-
Size
191KB
-
Sample
240508-phn6qscb3y
-
MD5
24cecf78cc9e295d308dc40cd4bfdb7e
-
SHA1
5f7c0857acbf88cd45e1f98c4a125c948cb41162
-
SHA256
2bc8e76e92e5fe4a27e7bcdf6b5982ba7da19098c3df9d8105b34118144a94e9
-
SHA512
b67e1fb94ff126b1dcd93d254c875dd18778824b0ac5360486b553e09d7da1e2f2490ee5efef84d0242bf5d2204d364d55bff5f625f6a1e1c90aa113f202df0d
-
SSDEEP
3072:i9ufstRUUKSns8T00JSHUgteMJ8qMD7gjI0zKNf9cfmfE7qdmVJKk/Juvc5a8a8B:i9ufsfgIf0pLLKbW
Static task
static1
Behavioral task
behavioral1
Sample
24cecf78cc9e295d308dc40cd4bfdb7e_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
24cecf78cc9e295d308dc40cd4bfdb7e_JaffaCakes118.doc
Resource
win10v2004-20240419-en
Malware Config
Extracted
Targets
-
-
Target
24cecf78cc9e295d308dc40cd4bfdb7e_JaffaCakes118
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-