General
Target
7623f0cc18f557e80a9f934fab0f2223_JaffaCakes118
Size
311KB
Sample
240526-vbss8sdh78
MD5
7623f0cc18f557e80a9f934fab0f2223
SHA1
65d5404df155aa0751fc7dc9ff1ce9490d72e928
SHA256
5d60ff40f922e9d528ac267a9751891267e6d2bdee390e9f48fb2126fd5f01a8
SHA512
c480832d2982c6b81bc111c2667339756fecfb18fc7e09c6be22c56988d1914340d675f97473292bef5bc02133a26b44dccb55ccaeea8dd9ba59c03a8a037668
SSDEEP
6144:dG5/BnVfRFJ7KK9aHScdX9znGUS7Hy7OziB2KiAcD4/:d2n9R/lA5dX9znGUuGbULAC4/
Behavioral task
behavioral1
Sample
7623f0cc18f557e80a9f934fab0f2223_JaffaCakes118.doc
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
7623f0cc18f557e80a9f934fab0f2223_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
Targets
Target
7623f0cc18f557e80a9f934fab0f2223_JaffaCakes118
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory