Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
f6311593c6ca6a81b2af6bebcc620b6a_JaffaCakes118
-
Size
161KB
-
Sample
240925-rk2wqataqd
-
MD5
f6311593c6ca6a81b2af6bebcc620b6a
-
SHA1
9dc91492c9e5236970c6cdcfeb1d1ca2b37a4a6f
-
SHA256
80bbc6addbc3d97abecb341c4441b7963d70a2a863d25cf0d35137632a841fa4
-
SHA512
0ab5ebf551193aac68c6b28ec7cf5bc2739fe24063f37c33078799c5ce9feed73c19494f0f69ee3dfa6d64de62e9e4c8743dc790eb5810af0e91f372f29ef257
-
SSDEEP
3072:tJVffe3dY9jAcD22TWTogk079THcpOu5UZgVjxzEtZ8jgeoE:tjffe3S5D/TX07hHcJQyxz+Z0geoE
Static task
static1
Behavioral task
behavioral1
Sample
f6311593c6ca6a81b2af6bebcc620b6a_JaffaCakes118.doc
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f6311593c6ca6a81b2af6bebcc620b6a_JaffaCakes118.doc
Resource
win10v2004-20240802-en
Malware Config
Extracted
http://guitarsforisrael.org/QPOUUYxLBk/1nprgf/
http://sadanandpvc.com/twitter/BssXB/
http://help-m2c.eccang.com/pseovck27kr/T/
http://youtube-monetization.com/qrnsp/2v/
http://ahrgintl.com/alfacgiapi/jg1VUae/
http://helionspharmaceutical.com/wp-admin/Xg/
http://hanulmotors.com/nbqso/H0DdOyB/
Targets
-
-
Target
f6311593c6ca6a81b2af6bebcc620b6a_JaffaCakes118
-
Size
161KB
-
MD5
f6311593c6ca6a81b2af6bebcc620b6a
-
SHA1
9dc91492c9e5236970c6cdcfeb1d1ca2b37a4a6f
-
SHA256
80bbc6addbc3d97abecb341c4441b7963d70a2a863d25cf0d35137632a841fa4
-
SHA512
0ab5ebf551193aac68c6b28ec7cf5bc2739fe24063f37c33078799c5ce9feed73c19494f0f69ee3dfa6d64de62e9e4c8743dc790eb5810af0e91f372f29ef257
-
SSDEEP
3072:tJVffe3dY9jAcD22TWTogk079THcpOu5UZgVjxzEtZ8jgeoE:tjffe3S5D/TX07hHcJQyxz+Z0geoE
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-