General
Target: ef4e00d7e912910b1184f73b6a860aa8_JaffaCakes118
Size: 161KB
Sample: 240921-h4dtka1amh
MD5: ef4e00d7e912910b1184f73b6a860aa8
SHA1: a99138b20c126c426df947786137a7cb1e795e9c
SHA256: 25393c8989f2e612a34778fae3ed1d04b785d027ec9ffbb8c58d9c43e8fa4578
SHA512: ec13f6428a17cdac926dd6657e2bc44b902a54cf38257b145bd61a87ffa57c63d00d85c5e5e1536b54e01c06a091ddc92d38e86006744d4d93cce0df3884157a
SSDEEP: 3072:+KNtK1zjRjJz22TWTogk079THcpOu5UZTdWJ3/t5AtmAD:+Ct+zjR9/TX07hHcJQwJvt5AtmAD
Static task: static1
Behavioral task: behavioral1
Sample: ef4e00d7e912910b1184f73b6a860aa8_JaffaCakes118.doc
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: ef4e00d7e912910b1184f73b6a860aa8_JaffaCakes118.doc
Resource: win10v2004-20240802-en
Malware Config
Extracted
Targets
Target: ef4e00d7e912910b1184f73b6a860aa8_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory