General
-
Target
7d4a88e3197c77c0baaa1200d916a769_JaffaCakes118
-
Size
233KB
-
Sample
240528-rsljpsaa95
-
MD5
7d4a88e3197c77c0baaa1200d916a769
-
SHA1
bee5d88b478a9bbc3332eb8c3ee9b1cecfd9e88b
-
SHA256
f954e89b36a77905275265bd2fb0d06598eac1367a986b8f882830b42b87b511
-
SHA512
cbc9e32e2ead3872521e69bc093fe3f190d612c3d96dc86fb01bb68f86b3aa1d8692c1045be8da46f64a6ecf5ce21baf2742979e889a0b34003b3c7f7e82c7c8
-
SSDEEP
3072:Ej6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGk2B+8ymwaF+Rc:EHgtEWPsL/aTyT9Gk2BBymwaQRc
Behavioral task
behavioral1
Sample
7d4a88e3197c77c0baaa1200d916a769_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7d4a88e3197c77c0baaa1200d916a769_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://synologlogin.com/cgi-bin/ho_iewdm_x99w/
http://tz005.com/aspnet_client/system_web/upao5_p_i/
http://nucleokardecistalace.org.br/wp-includes/hnor_qz_n66fskbujg/
http://m.hepingzyy120.com/mbsz/tg_h9_9tkc5xa2/
http://identisoft.pt/istore/xz_nf_fql8v7nx/
Targets
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-
Drops file in System32 directory
-