General
-
Target
b04cb8c75132e7b7f124a9c37d6d941d_JaffaCakes118
-
Size
324KB
-
Sample
240615-1vfwnswcqg
-
MD5
b04cb8c75132e7b7f124a9c37d6d941d
-
SHA1
ed54bfba16dc2daf227cf6be8a951faef2e7552d
-
SHA256
c6f1277b0484041ffff4e2a826a725a38aedcb7bfb55e2bc3c2b7ab47d0b29fd
-
SHA512
fc0f2d875f954460e0ceba97521608d7627579d91b81d4e4ddbb9e6d580e0abbca3157148d64bcae0bd9bc8fcac799648b2e2b4bd314f9f355cfebe44a9d8edc
-
SSDEEP
6144:SG5/BnVfRFJ7KK9aHScdX9znGU+1W2+JkZzZAeRs24C+44NEXvpSTYF6ik:S2n9R/lA5dX9znGU+1Wct/4x44NEB7Fg
Behavioral task
behavioral1
Sample
b04cb8c75132e7b7f124a9c37d6d941d_JaffaCakes118.doc
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
b04cb8c75132e7b7f124a9c37d6d941d_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
Targets
Target
b04cb8c75132e7b7f124a9c37d6d941d_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-