General
-
Target
bbddda0f139fe3dfa549c23ebde4a58f_JaffaCakes118
-
Size
152KB
-
Sample
240823-qfvfeawara
-
MD5
bbddda0f139fe3dfa549c23ebde4a58f
-
SHA1
9cd8ecc8035e380dd02e79e491ca65141b6055af
-
SHA256
4b9d91be1963c6f42e04bf4f357bb64bdebde601824e684ca980cb75edc41fd9
-
SHA512
bd43a76e1a760313edb2537a3cf918a6b0a81a345fa803e3832d7d7c09e55d4b37a8f6b4c26e0484abe1955537fc6dff1c99aebe2a1f558b0ba4ca2d0a479556
-
SSDEEP
1536:oSGB445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ5p+a9CPKv9knJbGrQ:oz22TWTogk079THcpOu5UZA5UoOqqxk
Static task
static1
Behavioral task
behavioral1
Sample
bbddda0f139fe3dfa549c23ebde4a58f_JaffaCakes118.doc
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
bbddda0f139fe3dfa549c23ebde4a58f_JaffaCakes118.doc
Resource
win10v2004-20240802-en
Malware Config
Extracted
Targets
-
-
Target
bbddda0f139fe3dfa549c23ebde4a58f_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-