General
Target: 7d3973e50fa19997eea5011ff85bb3ee_JaffaCakes118
Size: 156KB
Sample: 240528-rcscbagc8y
MD5: 7d3973e50fa19997eea5011ff85bb3ee
SHA1: 20ecb0f7328ab6f7f0ca5b0e0b5510c690126bc6
SHA256: b745c1e7d1a767819af8d95159f3805cc6d4a07a2dc95644101e334582edbbd2
SHA512: ff32fd853bc9343c6d555db76c0905fad2d3867aec1fa94ef13f4da0b7bdc8c0170bcfbdb0b7b937e1f4de75feae2d3812af974b5ebe5c2e3c3ac4c92e57786d
SSDEEP: 1536:Qsthstsrdi1Ir77zOH98Wj2gpngt+a9HGHf3ABlTkBAP3P:3rfrzOH98ipgqPABlTkBAP3P
Behavioral task: behavioral1
Sample: 7d3973e50fa19997eea5011ff85bb3ee_JaffaCakes118.doc
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 7d3973e50fa19997eea5011ff85bb3ee_JaffaCakes118.doc
Resource: win10v2004-20240508-en
Malware Config
Extracted
Targets
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory