General
Target: 9f0072ce02154d79381fe3c99d7774d5_JaffaCakes118
Size: 217KB
Sample: 240611-v6ceqsvgkp
MD5: 9f0072ce02154d79381fe3c99d7774d5
SHA1: dde7281ab3843f816a93e8595107c383fab57b1c
SHA256: 75f1d2e9cd7d7f7f877e0758fec979992b23073f7c56ff8b3fbe8fc5c89d0adb
SHA512: 1924025ca7a59a7097d24cfd77920596516c9ab46bcfff5da377450d722fad3fecb77f9dee19e3a9e227676c0243645bdb58b7bce6d6edf6f12fc5d47f0bd8e1
SSDEEP: 1536:KB445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ5J+a9YRQ3n7fxdSoNRf:K22TWTogk079THcpOu5UZ93zBR5gkfx
Behavioral task: behavioral1
Sample: 9f0072ce02154d79381fe3c99d7774d5_JaffaCakes118.doc
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 9f0072ce02154d79381fe3c99d7774d5_JaffaCakes118.doc
Resource: win10v2004-20240426-en
Malware Config
Extracted
Targets
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory