General
Target: bf0b0a3501aeb456a2513f8bd43f558a_JaffaCakes118
Size: 202KB
Sample: 240824-vfrrqs1hkq
MD5: bf0b0a3501aeb456a2513f8bd43f558a
SHA1: b17d1b89ea913666b7eacb2fddad6f1cc045a63a
SHA256: 00aa2833332261ee444a5437a5ab56474bb743924d2d1be87777f4fa2a1688c5
SHA512: cbbdb24c134370184b497dfae451de094ac56e4eacf07f69268347bd81e9e9290536ddcb9b7730a754fc11a76afa263960502d0e701ef1c194ed88001ecdac4a
SSDEEP: 3072:dUqJ1NgsA8k/gvh0NZ0lGX1nZ7ZYpSgKsiEHE+b64JE:dBtgVIveNZvn6zKjEkc6cE
Static task: static1
Behavioral task: behavioral1
Sample: bf0b0a3501aeb456a2513f8bd43f558a_JaffaCakes118.doc
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: bf0b0a3501aeb456a2513f8bd43f558a_JaffaCakes118.doc
Resource: win10v2004-20240802-en
Malware Config
Extracted
Targets
Score: 10/10
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory