General
-
Target
a4a09a30b1a8ed03d56a45dc17e3ed95_JaffaCakes118
-
Size
174KB
-
Sample
240818-aecwzaxcpn
-
MD5
a4a09a30b1a8ed03d56a45dc17e3ed95
-
SHA1
41c2ee288189424ee7d5ef6cee7e0d26cdd2229b
-
SHA256
355499f144efa41f21d80a9c65951bc118d0198a598fbe5c252c1fe5e64cde9a
-
SHA512
023abdc077c57051180f9ef76462ef12c9e5c8d7737955e175b0507ee6d695a1e53cfc599c8d92427332ca757402f34ab910c54d05adfbb8d96a1c8d24e65f10
-
SSDEEP
3072:UUqJ1NgsA8k/gvh0NZ0lGX1nZ7hH7Q8eK0:UBtgVIveNZvn788x0
Static task
static1
Behavioral task
behavioral1
Sample
a4a09a30b1a8ed03d56a45dc17e3ed95_JaffaCakes118.doc
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
a4a09a30b1a8ed03d56a45dc17e3ed95_JaffaCakes118.doc
Resource
win10v2004-20240802-en
Malware Config
Extracted
Targets
Target
a4a09a30b1a8ed03d56a45dc17e3ed95_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-