General
Target: 7f6d7b56a4d3eb019500684c5fc46e6c_JaffaCakes118
Size: 153KB
Sample: 240529-ej4byahf8v
MD5: 7f6d7b56a4d3eb019500684c5fc46e6c
SHA1: 069b0f68cdaa3df73e8199c5523e860efb144540
SHA256: 31aeb8e51051e3d4f523140e952cfdcbd12fa1f65bbb85e1b0050a67d61320b4
SHA512: c08498503aa51604a3de8106f4d5128f8526e66d08fb7c4ae6c679aaea3eadf82e3cca2e5eba0a55afc9bf3e47a43f3132323f6c7f51fe6746f5226b84c08050
SSDEEP: 1536:VCOIDQhDHR4OIDQhDHRdrdi1Ir77zOH98Wj2gpngB+a9B7Qb4HrO4u/Hg:VzrfrzOH98ipgd7I4HrO4u/Hg
Behavioral task: behavioral1
Sample: 7f6d7b56a4d3eb019500684c5fc46e6c_JaffaCakes118.doc
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 7f6d7b56a4d3eb019500684c5fc46e6c_JaffaCakes118.doc
Resource: win10v2004-20240508-en
Malware Config
Extracted
Targets
Target: 7f6d7b56a4d3eb019500684c5fc46e6c_JaffaCakes118
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Drops file in System32 directory