General
Target
949cfeccd390a826df383a535889c10f_JaffaCakes118
Size
170KB
Sample
240604-m9pv8seb8y
MD5
949cfeccd390a826df383a535889c10f
SHA1
ad3a6780a0fce6eceb9581ba329e839a52c66908
SHA256
dab27520c5577f059d11bd78d22f8d5cf492cdc0150781ba9b28b5fbacc5c185
SHA512
da3e7b655a6b9d59d5c93982d3ce180ca765d1ae9f41fafbb7031b207d51cace0ba13a0bc68e56eb77fe9ff56e07bdea58a00269b3ce6e6d057bf6bd1014c2d5
SSDEEP
1536:sB445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ5Z+a9dWvrCv3Pt6DwV:s22TWTogk079THcpOu5UZCvw3Pt6DwV
Static task
static1
Behavioral task
behavioral1
Sample
949cfeccd390a826df383a535889c10f_JaffaCakes118.doc
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
949cfeccd390a826df383a535889c10f_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
Targets
Target
949cfeccd390a826df383a535889c10f_JaffaCakes118
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory