General
Target: d318f3b6d53e6d4da4a67fc3ffb7cb1f_JaffaCakes118
Size: 169KB
Sample: 240907-3z7lasvekh
MD5: d318f3b6d53e6d4da4a67fc3ffb7cb1f
SHA1: 7c57dc98ffd144396528c1b9f5d674c6f5acae59
SHA256: 65bf16cbd3175b7dda73dded17b19b4dc8d8501e4c40140b053ba45dcd480ffc
SHA512: 0bcfbd3fbb34f6b188ca1b5f38aa06a134355361fb7390ccc720e3fe90ec863e70c34bac43ff4f018c5891e62ca24b4615a72ffd7b08703ef2746484b462dd38
SSDEEP: 1536:vGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xiP+rIiZo7dLeqH74OC+pO4am35HP:trfrzOH98ipgDlqwi
Behavioral task: behavioral1
Sample: d318f3b6d53e6d4da4a67fc3ffb7cb1f_JaffaCakes118.doc
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: d318f3b6d53e6d4da4a67fc3ffb7cb1f_JaffaCakes118.doc
Resource: win10v2004-20240802-en
Malware Config
Extracted
Targets
Target: d318f3b6d53e6d4da4a67fc3ffb7cb1f_JaffaCakes118
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Drops file in System32 directory