General
Target: 7d5016a0f3dbdf66b692f8e5c4375e32_JaffaCakes118
Size: 302KB
Sample: 240528-ryhd8sac59
MD5: 7d5016a0f3dbdf66b692f8e5c4375e32
SHA1: 07d9643f70cd51c7d73dbca1683b0a6ea6438b97
SHA256: 9675db15d6969d8540660058953cd6888452ca80ebd27ff3950d27c27c93f6f9
SHA512: 9c2ab250c7cabf561d4c88f2c60ca3fee2abe173807962c2a11ae0b76554536753b9dadb2a24019b3119a7f11fa219398152e15a6bc7e8c7eb19b4ec8561b993
SSDEEP: 6144:sG5/BnVfRFJ7KK9aHScdX9znGUlOV7QthK4lgAM:s2n9R/lA5dX9znGUlPthpgAM
Behavioral task: behavioral1
Sample: 7d5016a0f3dbdf66b692f8e5c4375e32_JaffaCakes118.doc
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 7d5016a0f3dbdf66b692f8e5c4375e32_JaffaCakes118.doc
Resource: win10v2004-20240426-en
Malware Config
Extracted
http://51.15.113.220/2sT3beRO4
http://167.99.85.165/XyBY4Kl
http://18.205.117.241/wp-content/uploads/P7KgkINX
http://23.23.29.10/DAINhWrv
http://18.213.62.169/wp-content/uploads/oEk4aUu
Targets
Target: 7d5016a0f3dbdf66b692f8e5c4375e32_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory