General
-
Target
9df3dfb3086ef49424497bc720f197cf_JaffaCakes118
-
Size
152KB
-
Sample
240611-m3zrvsvane
-
MD5
9df3dfb3086ef49424497bc720f197cf
-
SHA1
4052642c9a465f9af8c775290b228c115a241fc0
-
SHA256
0d03a769eb60d885882b834ddd84cc95d6194f91253998018f25169605161758
-
SHA512
d4fa10ddcefa5fce6130cfe45bb32c671dbd3b7a01db2a6ffe0e5fc6051d78f0495bbf4ebe8a91083e58e45a4fe8ce0c432e024cbd3865c48ebb4ae54c77cb83
-
SSDEEP
1536:VCOIDQhDHR4OIDQhDHRdrdi1Ir77zOH98Wj2gpngB+a9w7Qb4HrO4u9HA:VzrfrzOH98ipgM7I4HrO4u9HA
Behavioral task
behavioral1
Sample
9df3dfb3086ef49424497bc720f197cf_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9df3dfb3086ef49424497bc720f197cf_JaffaCakes118.doc
Resource
win10v2004-20240226-en
Malware Config
Extracted
Targets
-
-
Target
9df3dfb3086ef49424497bc720f197cf_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-