General
Target: eed3b64b0cecdaf53dc6b7897cc25a94_JaffaCakes118
Size: 217KB
Sample: 240921-b1vjksygra
MD5: eed3b64b0cecdaf53dc6b7897cc25a94
SHA1: 9e329077f05351a315c6db0f86bd0df73d37fe6a
SHA256: c19dd05cf11f244d0b2189ff9b5075a190c1a64d8c65dd5f47a65e3bb8c2b869
SHA512: 392b35e61e297f358ab6990d85b63cc89ad1267efa486d403a37129c32f1059610fbaf441fb3ba3f9e59598960b65fe77dfe66c2e909852deea6175826e9fc78
SSDEEP: 1536:KB445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ5J+a9zRQ3n7fxdSoNRp:K22TWTogk079THcpOu5UZc3zBR5g6fB
Behavioral task: behavioral1
Sample: eed3b64b0cecdaf53dc6b7897cc25a94_JaffaCakes118.doc
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: eed3b64b0cecdaf53dc6b7897cc25a94_JaffaCakes118.doc
Resource: win10v2004-20240802-en
Malware Config
Extracted
Targets
Target: eed3b64b0cecdaf53dc6b7897cc25a94_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory