General
Target: b889ed362328cfcc37ce3617fe810de6_JaffaCakes118
Size: 176KB
Sample: 240617-pa6qtatgqq
MD5: b889ed362328cfcc37ce3617fe810de6
SHA1: d1dad1b1c27050855125002d1161648e678d0cc2
SHA256: 19e0b1b6a4402f911b01e412a83bd746db4735d6228d63c6619447bc2335dc6e
SHA512: 2a2ea2e0e95ddf79c9d9371f68bbcb140ce08e7af898dc1c5698c82c536ceef1989e42b20657eca26218eba6b431f21736c03ecc60ed15606b0d2f8fe54c5563
SSDEEP: 1536:CC+rdi1Ir77zOH98Wj2gpngx+a98H4oaJrtrYYnalL2VCf3okHU:GrfrzOH98ipggHEJrtrDnalL2Vw35U
Behavioral task: behavioral1
Sample: b889ed362328cfcc37ce3617fe810de6_JaffaCakes118.doc
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: b889ed362328cfcc37ce3617fe810de6_JaffaCakes118.doc
Resource: win10v2004-20240508-en
Malware Config
Extracted
Targets
Target: b889ed362328cfcc37ce3617fe810de6_JaffaCakes118
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory