General
Target: dd54ab7192288fa40ae6b02e02a0f149_JaffaCakes118
Size: 160KB
Sample: 240913-awtwtatgqj
MD5: dd54ab7192288fa40ae6b02e02a0f149
SHA1: ba0517d95e9d708a7f7740b2795b6f1c5c96816a
SHA256: 65ccd2353b3535aa238fd8463e999fef45409765bde767b753cb0f4c3be5889e
SHA512: 60d726b6e19e29a753a533e0232998a9196034ecdb5ce2c2f72b55e03a8bc5693cea2feaa69f34a5f5a4a18442acb28610ad38443e6e698ed600b5e3a3340414
SSDEEP: 3072:+KNtK1zjRjJz22TWTogk079THcpOu5UZTiWJ3/t5Atmcr:+Ct+zjR9/TX07hHcJQDJvt5Atmcr
Static task: static1
Behavioral task: behavioral1
Sample: dd54ab7192288fa40ae6b02e02a0f149_JaffaCakes118.doc
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: dd54ab7192288fa40ae6b02e02a0f149_JaffaCakes118.doc
Resource: win10v2004-20240802-en
Malware Config
Extracted
Targets
Target: dd54ab7192288fa40ae6b02e02a0f149_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory