General
Target: 7d2387a3f8ca64bd95094e194aa0c10c_JaffaCakes118
Size: 192KB
Sample: 240528-qt9r9agf25
MD5: 7d2387a3f8ca64bd95094e194aa0c10c
SHA1: 346983a8335cf6a6173c792b00f0e5680b9db94f
SHA256: bd489be4b4636b4c0b9c2d7749b084fa534ec31195744d5b02e9d073925dd44d
SHA512: f8cb8070fc1640a798821d94fc2cc51c877a58cbf38f7ff34ea596ba64236dc4593139db6898abb16dfbda0cdda89d7fff8c2206d3395a82c9e9e0b48259077b
SSDEEP: 1536:+rdi1Ir77zOH98Wj2gpng9+a9dk1qJDba/qrHEs+nPyNdOx7xe/:+rfrzOH98ipgLva/qTX+nPyLOBY/
Behavioral task: behavioral1
Sample: 7d2387a3f8ca64bd95094e194aa0c10c_JaffaCakes118.doc
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 7d2387a3f8ca64bd95094e194aa0c10c_JaffaCakes118.doc
Resource: win10v2004-20240508-en
Malware Config
Extracted
Targets
Target: 7d2387a3f8ca64bd95094e194aa0c10c_JaffaCakes118
Score: 10/10
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory