Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
49acfa0b1afdf8f4f9b7897d08e94af2_JaffaCakes118
-
Size
193KB
-
Sample
240516-gk7rvsef9t
-
MD5
49acfa0b1afdf8f4f9b7897d08e94af2
-
SHA1
09108ee9c7a5ac9227556d185ceb22c257243b13
-
SHA256
41a035835264e22d0533d34539e7ae0db8573b8b7bb013a5ad3fddfc6965884c
-
SHA512
1b52521374bd8a85f1473d3cb944201817000d43b015dfc940b4a83e8dea1acacd59e7a158633306d33bdba1fef53616d578561d03154f716bc596a29b646f46
-
SSDEEP
1536:DGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xilqfqdFTaFVT/EA8s9p8cjMfmVS8:+rfrzOH98ipgad58cIk
Behavioral task
behavioral1
Sample
49acfa0b1afdf8f4f9b7897d08e94af2_JaffaCakes118.doc
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
49acfa0b1afdf8f4f9b7897d08e94af2_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
http://boys86.com/wp-admin/mO/
http://dacyclin.com/3qx/Z/
https://fepami.com/wp-includes/oRT/
https://xnxxfullhd.com/wp-admin/NAK/
https://www.business-management-degree.net/wp-snapshots/W/
http://homestay.design/wordpress/M/
https://csc-comunity.com/wp-admin/6DW/
Targets
-
-
Target
49acfa0b1afdf8f4f9b7897d08e94af2_JaffaCakes118
-
Size
193KB
-
MD5
49acfa0b1afdf8f4f9b7897d08e94af2
-
SHA1
09108ee9c7a5ac9227556d185ceb22c257243b13
-
SHA256
41a035835264e22d0533d34539e7ae0db8573b8b7bb013a5ad3fddfc6965884c
-
SHA512
1b52521374bd8a85f1473d3cb944201817000d43b015dfc940b4a83e8dea1acacd59e7a158633306d33bdba1fef53616d578561d03154f716bc596a29b646f46
-
SSDEEP
1536:DGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xilqfqdFTaFVT/EA8s9p8cjMfmVS8:+rfrzOH98ipgad58cIk
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-
Drops file in System32 directory
-