General
Target: 2a2442881b7130fdbb2fa25fa2cdc0fb_JaffaCakes118
Size: 191KB
Sample: 240509-qj4s9aed46
MD5: 2a2442881b7130fdbb2fa25fa2cdc0fb
SHA1: e1c3e7dda75f30d0f1116be4b8f34a465855b3c2
SHA256: a99c9ad593ce0d637ad4526f58ca7493d46ff5142d908d55ef9ee711deefb69b
SHA512: ea038c49f0d5a71a601a41203d5424b3a642c7f3c95aaf0670d950f67465174770db55cca39f4ee89657a00108a86d9bbf8127ce950546ce5272f2be04056bf3
SSDEEP: 3072:i9ufstRUUKSns8T00JSHUgteMJ8qMD7gjj0zKNf9cfmfE7qdmVJKk/Juvc5a8a8L:i9ufsfgIf0pL8KbS
Static task: static1
Behavioral task: behavioral1
Sample: 2a2442881b7130fdbb2fa25fa2cdc0fb_JaffaCakes118.doc
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 2a2442881b7130fdbb2fa25fa2cdc0fb_JaffaCakes118.doc
Resource: win10v2004-20240508-en
Malware Config
Extracted
Targets
Target: 2a2442881b7130fdbb2fa25fa2cdc0fb_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory