General
Target: af2a61fea70fc4b92dfc72bdd17ae2af_JaffaCakes118
Size: 161KB
Sample: 240820-pc33ps1cjc
MD5: af2a61fea70fc4b92dfc72bdd17ae2af
SHA1: 9a7b42d1014ddc487430e446391e57d3ec1d0189
SHA256: 4b44a49d851cfe708c39124110dcb95dd328ecb52b9c80a0bc91c9fffd677ef0
SHA512: d35a712a77f76ef2a906d1a58bd73b05406f0b09d5d9fdb4e5d18d5e355f3688af0f3850e5bd564fd2ee5e91751d0097edc131fd852cd835ed798275c0034e66
SSDEEP: 3072:+KNtK1zjRjJz22TWTogk079THcpOu5UZTCWJ3/t5AtmGj:+Ct+zjR9/TX07hHcJQTJvt5AtmGj
Static task: static1
Behavioral task: behavioral1
Sample: af2a61fea70fc4b92dfc72bdd17ae2af_JaffaCakes118.doc
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: af2a61fea70fc4b92dfc72bdd17ae2af_JaffaCakes118.doc
Resource: win10v2004-20240802-en
Malware Config
Extracted
Targets
Target: af2a61fea70fc4b92dfc72bdd17ae2af_JaffaCakes118
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

Drops file in System32 directory