General
Target: cff36af596a5ae63412a79bf6de88ed1_JaffaCakes118
Size: 162KB
Sample: 240906-ttehwswgmh
MD5: cff36af596a5ae63412a79bf6de88ed1
SHA1: 5be5e50d16b538507c7c6d95c271d995e4ede564
SHA256: 8c312805d2cac10a8deaaa7ee8aaad782a4a93eade429042f8ac234b2716be7e
SHA512: 6e53617efbf57703502535770b28ca094cd9d32f340725b27a9866aa7409461590e3da2be34a4218e05a6b6d43125bc98f059640a9f1b85d5ef0bd44b01bc749
SSDEEP: 1536:T5a/aNrdi1Ir77zOH98Wj2gpngR+a965ZVDEuEfBzoIRGQ:T/rfrzOH98ipg+O5JzoQGQ
Behavioral task: behavioral1
Sample: cff36af596a5ae63412a79bf6de88ed1_JaffaCakes118.doc
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: cff36af596a5ae63412a79bf6de88ed1_JaffaCakes118.doc
Resource: win10v2004-20240802-en
Malware Config
Extracted
Targets
Target: cff36af596a5ae63412a79bf6de88ed1_JaffaCakes118
Score: 10/10
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory