Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
904e1365136041b958a2f407bcf6731b_JaffaCakes118
-
Size
179KB
-
Sample
240603-dbnqvagf5t
-
MD5
904e1365136041b958a2f407bcf6731b
-
SHA1
5131b48088dd3d75da858e8810c5888673955b5e
-
SHA256
7c81019f932c35ff188d4260fe0b23ba6cb27363922cbb8265a8f3121e26c32f
-
SHA512
3220099489dbafcd74f26148137cb568fd1c5e666887a06ce54bb842033d5c2a7da2cd62f894850547ccf488dff504c8ce846a3827a762e7c3b0c1dfb4b63a72
-
SSDEEP
1536:uasrbYasrb2rdi1Ir77zOH98Wj2gpng9+a9mSGIRK9b/WYjd2LO6h/QC27TOvY:crfrzOH98ipg+SGYK9TngLOm27TOvY
Behavioral task
behavioral1
Sample
904e1365136041b958a2f407bcf6731b_JaffaCakes118.doc
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
904e1365136041b958a2f407bcf6731b_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://sasystemsuk.com/index_files/j9b/
https://case.gonukkad.com/sys-cache/fmC/
http://vandamebuilders.com/wp-includes/OEyjc9x/
https://nilinkeji.com/online/Dmz/
http://paganwitch.com/wp-admin/CmubpSk/
http://www.ekramco.ir/english/fn/
http://votesteve.us/closed_zone/Bk/
Targets
-
-
Target
904e1365136041b958a2f407bcf6731b_JaffaCakes118
-
Size
179KB
-
MD5
904e1365136041b958a2f407bcf6731b
-
SHA1
5131b48088dd3d75da858e8810c5888673955b5e
-
SHA256
7c81019f932c35ff188d4260fe0b23ba6cb27363922cbb8265a8f3121e26c32f
-
SHA512
3220099489dbafcd74f26148137cb568fd1c5e666887a06ce54bb842033d5c2a7da2cd62f894850547ccf488dff504c8ce846a3827a762e7c3b0c1dfb4b63a72
-
SSDEEP
1536:uasrbYasrb2rdi1Ir77zOH98Wj2gpng9+a9mSGIRK9b/WYjd2LO6h/QC27TOvY:crfrzOH98ipg+SGYK9TngLOm27TOvY
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-