General
Target: 7f2b0e5e945932cf80abcb659170103b_JaffaCakes118
Size: 157KB
Sample: 240529-cgzjvseb61
MD5: 7f2b0e5e945932cf80abcb659170103b
SHA1: 0055e24084e32b45466295d13cb90ebdc5e6cd3f
SHA256: 712e615431a31f1c860bfa02c6f87f1c0e4238d6b1d4a9cbf12aa9f4328b0ba7
SHA512: bb090e424e3371b3d54f099d2b8095c6f62975ea192cd00802cd0e35694fc0ced9834a2b42ca45e6baca41be37b5eea9a4a96bbfe02b2813a646eafabe7d4229
SSDEEP: 1536:vToTVrdi1Ir77zOH98Wj2gpngd+a9NTgwQx5EvGtarWfjPYKwAL+wT+5Q:CrfrzOH98ipgPwT+5Q
Behavioral task: behavioral1
Sample: 7f2b0e5e945932cf80abcb659170103b_JaffaCakes118.doc
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 7f2b0e5e945932cf80abcb659170103b_JaffaCakes118.doc
Resource: win10v2004-20240426-en
Malware Config
Extracted
Targets
Target: 7f2b0e5e945932cf80abcb659170103b_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory