General
Target: 7f4bc0549c7d148ec198903fdd9fbb1f_JaffaCakes118
Size: 153KB
Sample: 240529-djx99agg87
MD5: 7f4bc0549c7d148ec198903fdd9fbb1f
SHA1: e9a44b4aa3da20d9345fe860bde5e137b10b1820
SHA256: 7e7d1803366d468d089ff0c15817cc44e03d3cc5109473086a613b68cf5cde80
SHA512: 53994bdc4ab23e49526648a6b3f709e0716ccc4c673e3e75f21e1a1060ae19a07af5fe32d28fce5309e39d6b7183b3a97fe2ccdcff90c936ea8f351851a94852
SSDEEP: 1536:VCOIDQhDHR4OIDQhDHRdrdi1Ir77zOH98Wj2gpngB+a9j7Qb4HrO4uiHA:VzrfrzOH98ipg37I4HrO4uiHA
Behavioral task: behavioral1
Sample: 7f4bc0549c7d148ec198903fdd9fbb1f_JaffaCakes118.doc
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 7f4bc0549c7d148ec198903fdd9fbb1f_JaffaCakes118.doc
Resource: win10v2004-20240508-en
Malware Config
Extracted
Targets
Target: 7f4bc0549c7d148ec198903fdd9fbb1f_JaffaCakes118
Score: 10/10
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory