General
Target: 8e5aacbc0e4ff084a0193ba315167f2b_JaffaCakes118
Size: 968KB
Sample: 240812-mcd3gawglp
MD5: 8e5aacbc0e4ff084a0193ba315167f2b
SHA1: aa1a11ac84407bf6fb7523642943c717a612cc84
SHA256: e1b78d2e1c52b5e26e9d8ce84cf2ee145c5f0b24e76e56c6862f129b3d4f59a9
SHA512: dd7ddb79e36f4d60e40d4fb4d657dea2ae37240e790e34e815a069b4b28302a5c9bdcb6354298d3826092a98bc4c20edcace37eb6af100383d75f2335c0f8205
SSDEEP: 24576:V84Dk9sKBwlOSJxqGAuvB97L88Sio5FSVPEHN/rZQ:V8l9xeOS83SS1i
Behavioral task: behavioral1
Sample: 8e5aacbc0e4ff084a0193ba315167f2b_JaffaCakes118.doc
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 8e5aacbc0e4ff084a0193ba315167f2b_JaffaCakes118.doc
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 8e5aacbc0e4ff084a0193ba315167f2b_JaffaCakes118
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory