General
Target: 2c99275ab5366567f8ddb005b1347e58_JaffaCakes118
Size: 232KB
Sample: 240510-bheqeadb44
MD5: 2c99275ab5366567f8ddb005b1347e58
SHA1: 1eba4b2478789e30b11cb3c01abe51a83c3b87ab
SHA256: b5ced3fd9b5203a48e44f9df4cb09216c9527f2bdae51b0d7ee1a53e51c12350
SHA512: 589a5bf6cf0be6e65ab1b504b78d2df20d7b7f79406e261e82e83bdc8f6e13e4f37cdf81d621da5a0b3e3a27a77ede52586beb35419ca287c6b97f55510b575f
SSDEEP: 3072:Aj6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkpS2FpTw2yDRj:AHgtEWPsL/aTyT9GkQ2rTw2yDRj
Behavioral task: behavioral1
Sample: 2c99275ab5366567f8ddb005b1347e58_JaffaCakes118.doc
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2c99275ab5366567f8ddb005b1347e58_JaffaCakes118.doc
Resource: win10v2004-20240426-en
Malware Config
Extracted
http://rochelldiy.com/ucigm/d_8_kv/
http://sh.m.sxhpyy.com/special/c_eh6r_m97/
http://hx.sxheping120.com/zt/ixq_vc2ru_xv6/
http://tf.sxhpyy120.com/a/k_q_wc6o2/
http://selectadrive.nl/wp-admin/ek_yve_bgtxm/
Targets
Target: 2c99275ab5366567f8ddb005b1347e58_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
    This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory