General
Target: 7c606c19d1900791c2c410863d8e802c_JaffaCakes118
Size: 190KB
Sample: 240528-ksmcnsdb2z
MD5: 7c606c19d1900791c2c410863d8e802c
SHA1: 429ff2c7048112e2693d7f0cd8ee1f7fb824c07a
SHA256: 09256feaae44245c56e248adab283c64e4523847450286862fba87f65d6e708d
SHA512: addccbca0f7a5c1dd6118138381ae7ffcb64b3ef900d50492114318ce40ae24505fd50011ed1cef9616bbc7e2e9b1155b597551ff3047dfb95a471307a5eae17
SSDEEP: 3072:d377HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qHzXWjPwIlFUjS+IyGm9wYj8t5UaMP:d377HUUUUUUUUUUUUUUUUUUUT52VKgPm
Behavioral task: behavioral1
Sample: 7c606c19d1900791c2c410863d8e802c_JaffaCakes118.doc
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 7c606c19d1900791c2c410863d8e802c_JaffaCakes118.doc
Resource: win10v2004-20240508-en
Malware Config
Extracted
Targets
Target: 7c606c19d1900791c2c410863d8e802c_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory