General
Target: fdfd991ced46a4dc2ae4a9ce04aa25c0_JaffaCakes118
Size: 133KB
Sample: 240929-hjng9stbll
MD5: fdfd991ced46a4dc2ae4a9ce04aa25c0
SHA1: 4c736fa3d75f48e8c63aa40202ff224f22f8028f
SHA256: 27442f20eb59b4d209325e6568821d54267357d72c350b9aac8bdbe721e0235c
SHA512: 49c7c5f42b6dc4233741b0862c09d2ed3afaf1958e83ea06995aaeb187e568e95ce0f86f9b0d766852612bf09f8754a9021d732a21e258d71a334d2e11a9d314
SSDEEP: 1536:LA2RD3bNqfNpu39IId5a6XP3Mg8afSqTVyzwyQUpsJNw:VR1qf69xak3MgxSOEzwyQisJNw
Static task: static1
Behavioral task: behavioral1
Sample: fdfd991ced46a4dc2ae4a9ce04aa25c0_JaffaCakes118.doc
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: fdfd991ced46a4dc2ae4a9ce04aa25c0_JaffaCakes118.doc
Resource: win10v2004-20240802-en
Malware Config
Extracted
Targets
Target: fdfd991ced46a4dc2ae4a9ce04aa25c0_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory