Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
d4eb931d97a7ae1aa727f68d32763920_JaffaCakes118
-
Size
154KB
-
Sample
240908-whv3lsygqr
-
MD5
d4eb931d97a7ae1aa727f68d32763920
-
SHA1
807182407c85efe5880aacfa21043e487b7871c8
-
SHA256
b5be7bb2f5a521f8ec0417e9f4da3c9f919f688a9a2c089b1503e1bab24e3eff
-
SHA512
ae357488a9aac61d9fc155db2f8b360952f789f371103ea57dfc65e11140d604d7838444e16e1c9a88158a8912f515a040755cdc41618d891211b4dfb7d739ff
-
SSDEEP
1536:CJ0ZsWTJ0ZsWirdi1Ir77zOH98Wj2gpngR+a9UQ54LW0wK:5rfrzOH98ipgg+qDwK
Malware Config
Extracted
http://intrasistemas.com/cgi-bin/mTQls3/
http://gforcems.it/modules/D/
http://cooltattoo.es/hatone/6YAA0O2/
http://diesner.de/css/cf/
http://go4it24.be/administrator/Q1r3/
http://eltrafalgar.com/wp-includes/VFSi/
http://infoestudio.es/cursos/qPP/
Targets
-
-
Target
d4eb931d97a7ae1aa727f68d32763920_JaffaCakes118
-
Size
154KB
-
MD5
d4eb931d97a7ae1aa727f68d32763920
-
SHA1
807182407c85efe5880aacfa21043e487b7871c8
-
SHA256
b5be7bb2f5a521f8ec0417e9f4da3c9f919f688a9a2c089b1503e1bab24e3eff
-
SHA512
ae357488a9aac61d9fc155db2f8b360952f789f371103ea57dfc65e11140d604d7838444e16e1c9a88158a8912f515a040755cdc41618d891211b4dfb7d739ff
-
SSDEEP
1536:CJ0ZsWTJ0ZsWirdi1Ir77zOH98Wj2gpngR+a9UQ54LW0wK:5rfrzOH98ipgg+qDwK
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-