General
Target: d5b5cfbb95df232743dbad75d02c5575_JaffaCakes118
Size: 166KB
Sample: 240909-fyvh1stcjj
MD5: d5b5cfbb95df232743dbad75d02c5575
SHA1: 4cd181c06fe8b720867ca8371e4410d3a4898852
SHA256: 40553c3c1a1a2ff36541fff6d148b3d3a89962869b7d29d3dd978f4957bb53d5
SHA512: 6cf5a4b94a32af8f2e7f1389a8f6905f30c2380b1f8f67354d0a9b0d09619a9f0b3c7ed4aa3b8536b214fb51260162089d1b7116181718011b535123d9f80d70
SSDEEP: 1536:pARD3bNqfNpu39IId5a6XP3Mg8afmqTdotKdz/Rek6Ef3Ei9WEvOk:OR1qf69xak3MgxmFKl/R89i9WAOk
Static task: static1
Behavioral task: behavioral1
Sample: d5b5cfbb95df232743dbad75d02c5575_JaffaCakes118.doc
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: d5b5cfbb95df232743dbad75d02c5575_JaffaCakes118.doc
Resource: win10v2004-20240802-en
Malware Config
Extracted
Targets
Target: d5b5cfbb95df232743dbad75d02c5575_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory