General
Target: 9f81a86983ccf0dce7d16120dea442bc_JaffaCakes118
Size: 220KB
Sample: 240611-zv75gs1frj
MD5: 9f81a86983ccf0dce7d16120dea442bc
SHA1: 72c75278d18f1a6f529df337dc3e04a02a020352
SHA256: 5ea7adc9ca4c1270e03f8b693fa75922364406dabbd417dd7d3583fdd1becd9f
SHA512: cca99b24aa3ea69d170bfd18279845b560b6b8ed68970c7643bb6a3a97fd91bd9cdfa3832b76bf68e2baa0c7730ae21580a80989b4ca4ba94a45be156747538f
SSDEEP: 3072:b4tcTvjvTY140818tIP4ovpRSGju9jDW1M+7mp3i:EtcnvE140o8tIP4apSjDjmUi
Behavioral task: behavioral1
Sample: 9f81a86983ccf0dce7d16120dea442bc_JaffaCakes118.doc
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 9f81a86983ccf0dce7d16120dea442bc_JaffaCakes118.doc
Resource: win10v2004-20240426-en
Malware Config
Extracted
Targets
Target: 9f81a86983ccf0dce7d16120dea442bc_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory