Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
71798c1415bd2c656552ec32c9835538_JaffaCakes118
-
Size
187KB
-
Sample
240525-k1gr6acc3t
-
MD5
71798c1415bd2c656552ec32c9835538
-
SHA1
51702d9597e77b881c90467455c6479d6a8b7774
-
SHA256
0ed1adf222903a5b3335427d554d4a74c05a27cfd1a438788c04f3b3d720c002
-
SHA512
fcaaeaa1556acb2d5181f9ea0706b0d65240f3d118ca5c81cdb22361b908571aae7b9e9164ef730feaa9c97729c5e692973639e2bc9273a410f5d3329b4cd64f
-
SSDEEP
1536:RGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xilATmd8YkYeT/EA8sap8cjufajnG:vrfrzOH98ipgEh5JYR
Behavioral task
behavioral1
Sample
71798c1415bd2c656552ec32c9835538_JaffaCakes118.doc
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
71798c1415bd2c656552ec32c9835538_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
http://dtyl.shop/wp-content/W68Nx/
https://star-speed.vip/wp-admin/U2jRIg/
https://cshub123.cn/wp-admin/Gajs/
https://viettellogistics.com.vn/wp-content/oS4/
http://cococat.se/wp-admin/2Oaf/
http://andresirjan.ir/wp-admin/JSH/
https://sptrade.com.br/wp-includes/iFZOvL/
Targets
-
-
Target
71798c1415bd2c656552ec32c9835538_JaffaCakes118
-
Size
187KB
-
MD5
71798c1415bd2c656552ec32c9835538
-
SHA1
51702d9597e77b881c90467455c6479d6a8b7774
-
SHA256
0ed1adf222903a5b3335427d554d4a74c05a27cfd1a438788c04f3b3d720c002
-
SHA512
fcaaeaa1556acb2d5181f9ea0706b0d65240f3d118ca5c81cdb22361b908571aae7b9e9164ef730feaa9c97729c5e692973639e2bc9273a410f5d3329b4cd64f
-
SSDEEP
1536:RGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xilATmd8YkYeT/EA8sap8cjufajnG:vrfrzOH98ipgEh5JYR
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-