General
- Target: fe374f6ff25ac7e18f2bdb4361ce0e4f_JaffaCakes118
- Size: 164KB
- Sample: 240929-k61r8axdrn
- MD5: fe374f6ff25ac7e18f2bdb4361ce0e4f
- SHA1: 013f815c13b221506bd09a2bb77abc0b8117eab8
- SHA256: 1ddec7617d6087292e3d51b1fe1079a93c28e9546171d2bbd2fa6f049fe2a089
- SHA512: 09f7c729c81f2816f45c4824c8fe90419246ceab6418d46d5649861f5eb0905e7458f4c8c9985896d6fe103fa9b41a909dfb121a4f0ed60468e5c144e71dc13d
- SSDEEP: 1536:KPB445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ5J+a9RluNGGdywlZO:KP22TWTogk079THcpOu5UZfluNTdTZO
Static task: static1

Behavioral task: behavioral1
- Sample: fe374f6ff25ac7e18f2bdb4361ce0e4f_JaffaCakes118.doc
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: fe374f6ff25ac7e18f2bdb4361ce0e4f_JaffaCakes118.doc
- Resource: win10v2004-20240802-en
Malware Config
Extracted URLs:
- http://vuatritue.com/wp-admin/w/
- http://castlestudios.com/bots/7/
- https://www.afriqueindustries-sa.com/ootqgtbgutgqkxfq/dS9/
- http://brandstrumpet-001-site1.ctempurl.com/default/lnD/
- http://oneinsix.com/test/u/
- http://livefarma.com/wp-content/hpu/
- http://datawyse.net/cgi-bin/8/
Targets
- Target: fe374f6ff25ac7e18f2bdb4361ce0e4f_JaffaCakes118
- Size: 164KB
- MD5: fe374f6ff25ac7e18f2bdb4361ce0e4f
- SHA1: 013f815c13b221506bd09a2bb77abc0b8117eab8
- SHA256: 1ddec7617d6087292e3d51b1fe1079a93c28e9546171d2bbd2fa6f049fe2a089
- SHA512: 09f7c729c81f2816f45c4824c8fe90419246ceab6418d46d5649861f5eb0905e7458f4c8c9985896d6fe103fa9b41a909dfb121a4f0ed60468e5c144e71dc13d
- SSDEEP: 1536:KPB445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ5J+a9RluNGGdywlZO:KP22TWTogk079THcpOu5UZfluNTdTZO
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory