General
Target: 71cf8bbb7d0eada74b4aa426b3693689_JaffaCakes118
Size: 163KB
Sample: 240525-nm3n9afc59
MD5: 71cf8bbb7d0eada74b4aa426b3693689
SHA1: 13ea6ca92ee7f14a2ea8c4a349743df603fe2ab7
SHA256: 35422a417432ffa66edca6cb55b6e7d98bca2c621014133e55beac2e9a02bf11
SHA512: 74712419421e04995768972ce4b3b3ec78b5b379b0c012b7a0719ab07cd698c8863885619a0cda63b709cfc05c6f90df508d275c0b15c14cfd8b3fc18433d44d
SSDEEP: 1536:glfrdi1Ir77zOH98Wj2gpngx+a99vM/+h+F3K:YrfrzOH98ipghvMy+F3K
Behavioral task: behavioral1
Sample: 71cf8bbb7d0eada74b4aa426b3693689_JaffaCakes118.doc
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 71cf8bbb7d0eada74b4aa426b3693689_JaffaCakes118.doc
Resource: win10v2004-20240508-en
Malware Config
Extracted
Targets
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

Drops file in System32 directory