General
Target: 28a52112efdfd3ec1b30ee75d79c98a4_JaffaCakes118
Size: 186KB
Sample: 240509-gwg1ksgf69
MD5: 28a52112efdfd3ec1b30ee75d79c98a4
SHA1: b4a57f3074b8f22eb93fd7f695bd4a0bbaa33035
SHA256: 200ab165378e9785d6c3add4e5a2738f94fa6db69ec0ad5459a177b241194020
SHA512: 78f97772ca59954b3a91efaa26c54558446fd4baae573fcc9e5f37e33f2873f7e9fa4f414fa90e729ac0227adfe8ba84644505057d4120d2496af92546e24f00
SSDEEP: 1536:qI491Y2wcI491Y2w+4tcTv8kvjEuJ0dH5L0c4vs3ti18NmIIP4ovlnoR+a9iXljb:A4tcTvjvTY140818tIP4ovpD1jnuPk
Behavioral task: behavioral1
Sample: 28a52112efdfd3ec1b30ee75d79c98a4_JaffaCakes118.doc
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 28a52112efdfd3ec1b30ee75d79c98a4_JaffaCakes118.doc
Resource: win10v2004-20240508-en
Malware Config
Extracted
Targets
Target: 28a52112efdfd3ec1b30ee75d79c98a4_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory