General
Target: decd9f5b452c407b0972ee6f8fcc8fe1_JaffaCakes118
Size: 213KB
Sample: 240913-ypv3aswejf
MD5: decd9f5b452c407b0972ee6f8fcc8fe1
SHA1: 0261b00ce91a6b4b7b0686acc37548d6a20a4644
SHA256: 229688b1f7ac90b600e364e4f882c86c76937fa1bad916b4ba9cf48ea1a0ba68
SHA512: d3f7f17fbb3f0fc1127f3a568ac9d5679404255aa9426e6a1a4fd5fd57fb0b9d881bee158637c812c9ae2738c230ca450e26c3d98d7c25347f1380a3682f61cc
SSDEEP: 3072:u22TWTogk079THcpOu5UZh0/6tJR6RNfo:u/TX07hHcJQttT6Rlo
Behavioral task: behavioral1
Sample: decd9f5b452c407b0972ee6f8fcc8fe1_JaffaCakes118.doc
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: decd9f5b452c407b0972ee6f8fcc8fe1_JaffaCakes118.doc
Resource: win10v2004-20240802-en
Malware Config
Extracted
Targets
Target
decd9f5b452c407b0972ee6f8fcc8fe1_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory