General

  • Target

    5f3431015a20dfe91d5a3c307c665890_JaffaCakes118

  • Size

    145KB

  • Sample

    240331-1vskgadg63

  • MD5

    5f3431015a20dfe91d5a3c307c665890

  • SHA1

    eb5968420d8bbabe0f37bda36ddc6c08ac01c7ed

  • SHA256

    3b9fc92b72734a6257272850910f2c59ba7aa1633ef234f2f7b8bbeb8eef9075

  • SHA512

    2f6e18b5c87a9d8ea3ff983f6cb325c7d75ac8fab8e2b212a863443bbdb1578effd3accb5815a0b103470bb56e37576ae6f848368f3d6af2d3b25f9a21498d2c

  • SSDEEP

    3072:u2VXXvI6nUshy4hCPl5RZI68y1FbEHm9Bo3t2aiH8wR:C6UshyPtSwbEHmo3lob

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://185.244.150.146/45382.9157380787.dat
    http://178.23.190.242/45382.9157380787.dat
    http://23.106.124.53/45382.9157380787.dat

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://185.244.150.146/45382.9157439815.dat
    http://178.23.190.242/45382.9157439815.dat
    http://23.106.124.53/45382.9157439815.dat
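The two extracted configs list the same three hosts, each serving a file whose name is the same long decimal. That stem looks like an Excel serial date-time (whole days since the 1900 epoch plus a fractional day), which is what an XLM dropper produces when it builds its download URL from =NOW(). The script below is an added example, not part of the tria.ge report or the sample; it takes the URLs exactly as listed above, groups hosts by payload filename, decodes the stem as an Excel serial (the =NOW() origin is an inference the page does not state) and measures the gap between the two configs. The host-grouping and timestamp-decoding functions are illustrative names, not tria.ge's own tooling.

```python
import datetime
import ipaddress
from urllib.parse import urlsplit

# Dropper URLs copied verbatim from the two extracted configs above.
EXTRACTED_URLS = [
    "http://185.244.150.146/45382.9157380787.dat",
    "http://178.23.190.242/45382.9157380787.dat",
    "http://23.106.124.53/45382.9157380787.dat",
    "http://185.244.150.146/45382.9157439815.dat",
    "http://178.23.190.242/45382.9157439815.dat",
    "http://23.106.124.53/45382.9157439815.dat",
]

# Excel's 1900 date system: serial N equals 1899-12-30 + N days for every
# serial after the non-existent 1900-02-29, which covers any modern date.
EXCEL_EPOCH = datetime.datetime(1899, 12, 30)


def excel_serial_to_datetime(serial: float) -> datetime.datetime:
    """Convert an Excel serial date-time (days + fractional day) to a datetime."""
    return EXCEL_EPOCH + datetime.timedelta(days=serial)


def parse_dropper_url(url: str) -> dict:
    """Split one dropper URL into host, filename and the Excel serial the stem
    encodes (assumption: the stem was produced by =NOW(), as XLM droppers do)."""
    parts = urlsplit(url)
    host = ipaddress.ip_address(parts.hostname)   # ValueError if not a literal IP
    filename = parts.path.rsplit("/", 1)[-1]
    stem, _, ext = filename.rpartition(".")
    serial = float(stem)                          # ValueError if the stem is not numeric
    return {
        "host": str(host),
        "filename": filename,
        "ext": ext,
        "serial": serial,
        "generated_at": excel_serial_to_datetime(serial),
    }


def group_by_filename(urls):
    """Map each payload filename to the sorted hosts serving it; several hosts
    behind one filename is the usual fallback list of an XLM dropper."""
    groups = {}
    for u in urls:
        rec = parse_dropper_url(u)
        groups.setdefault(rec["filename"], set()).add(rec["host"])
    return {name: sorted(hosts) for name, hosts in groups.items()}


def unique_hosts(urls):
    """Deduplicated host list for blocking or hunting."""
    return sorted({parse_dropper_url(u)["host"] for u in urls})


def seconds_between(url_a: str, url_b: str) -> float:
    """Wall-clock gap between two NOW()-derived filenames, in seconds."""
    a = parse_dropper_url(url_a)["serial"]
    b = parse_dropper_url(url_b)["serial"]
    return abs(b - a) * 86400.0


if __name__ == "__main__":
    for name, hosts in group_by_filename(EXTRACTED_URLS).items():
        when = excel_serial_to_datetime(float(name.rsplit(".", 1)[0]))
        print(f"{name}: {len(hosts)} hosts, built at {when:%Y-%m-%d %H:%M:%S} (sandbox clock)")
    print("hosts:", unique_hosts(EXTRACTED_URLS))
    print("gap between the two configs: %.2f s"
          % seconds_between(EXTRACTED_URLS[0], EXTRACTED_URLS[3]))
```

The decoded stem lands on 2024-03-31, the same day as the sample ID (240331), and the two configs differ by about half a second, consistent with =NOW() being evaluated twice during the run. The practical consequence is that the filename is not a stable indicator; block or hunt on the three hosts and on the `.dat` request pattern rather than on the exact URL.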

Targets

    • Target

      Service-Interrupt-335864247.xls

    • Size

      138KB

    • MD5

      aa7a6477eddfe02b28d0dcef749c5203

    • SHA1

      5e9dc557b31772b5a0cfca7d0bb1fc5ff0a76390

    • SHA256

      f714bfd8605b8f2af133dddb51d5f507025febeefce86a8ad6f9eacfba0d7aed

    • SHA512

      ef4770ba6df4ba28dad8d270d0b41b4c1650a231574b21802bcc915ddc105c9f69d6d55b7f5655d5ece2aeddeb46c57a8c517b93a95705245f73b8783c2e6cd0

    • SSDEEP

      3072:Ek3hOdsylKlgxopeiBNhZFGzE+cL2kdARc6YehWfGvtUHKGDbpmsii2+mZyAqgI8:Ek3hOdsylKlgxopeiBNhZF+E+W2kdARN

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
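The signature above fires on the parent/child relationship alone: an Office process creating a child it has no business creating, which is how an Excel 4.0 macro's =EXEC() or a VBA Shell call shows up in telemetry. The detector below is an added example of that logic, not tria.ge's signature implementation; the parent, allow and LOLBin lists, the event records and the process tree are all constructed for illustration and are not the process activity recorded for this sample.

```python
from dataclasses import dataclass
from typing import Optional

# Parents whose children deserve scrutiny: Office applications that run macros.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Children Office spawns by itself in normal use (assumption: tune per environment).
EXPECTED_CHILDREN = {"splwow64.exe", "werfault.exe", "dw20.exe"}

# Living-off-the-land binaries a macro typically launches; any other unexpected
# child is still flagged, at lower severity.
LOLBINS = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
    "regsvr32.exe", "rundll32.exe", "certutil.exe", "msiexec.exe", "bitsadmin.exe",
}


@dataclass
class ProcessCreate:
    """Minimal process-creation record (the fields Sysmon Event ID 1 or EDR telemetry carry)."""
    pid: int
    image: str
    command_line: str
    parent_pid: int
    parent_image: str


def image_name(path: str) -> str:
    """Basename of a Windows or POSIX path, lower-cased for comparison."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(ev: ProcessCreate) -> Optional[dict]:
    """Return a hit when an Office parent spawns a child outside its allow list."""
    parent, child = image_name(ev.parent_image), image_name(ev.image)
    if parent not in OFFICE_PARENTS or child in EXPECTED_CHILDREN:
        return None
    return {
        "rule": "Process spawned unexpected child process",
        "severity": "high" if child in LOLBINS else "medium",
        "parent": parent,
        "child": child,
        "pid": ev.pid,
        "command_line": ev.command_line,
    }


def run_detection(events):
    """Apply classify() to a stream of events and keep only the hits."""
    return [hit for hit in map(classify, events) if hit is not None]


# Constructed telemetry for illustration only; this is NOT the process tree
# recorded for the sample on this page.
EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
SAMPLE_EVENTS = [
    ProcessCreate(4120, EXCEL, r'"EXCEL.EXE" "C:\Users\user\Downloads\Service-Interrupt-335864247.xls"',
                  812, r"C:\Windows\explorer.exe"),
    # Print spooler helper: legitimate Excel child, must not fire.
    ProcessCreate(4388, r"C:\Windows\splwow64.exe", r"C:\Windows\splwow64.exe 12288", 4120, EXCEL),
    # LOLBin child of Excel: high-severity hit.
    ProcessCreate(4402, r"C:\Windows\System32\regsvr32.exe",
                  r"regsvr32 -s C:\Users\Public\stage2.dll", 4120, EXCEL),
    # Unknown binary dropped to %TEMP% and run by Excel: medium-severity hit.
    ProcessCreate(4410, r"C:\Users\user\AppData\Local\Temp\update.exe",
                  r"C:\Users\user\AppData\Local\Temp\update.exe", 4120, EXCEL),
    # Same LOLBin, but from Explorer: outside the rule's scope, no hit.
    ProcessCreate(5001, r"C:\Windows\System32\cmd.exe", "cmd /c whoami", 812, r"C:\Windows\explorer.exe"),
]


if __name__ == "__main__":
    for hit in run_detection(SAMPLE_EVENTS):
        print(f"[{hit['severity']}] {hit['parent']} -> {hit['child']} (pid {hit['pid']}): {hit['command_line']}")
```

The allow list is the part that needs care: too short and every print job from Excel pages someone, too long and the macro's child slips through. Keep it to children you have observed Office itself create, and treat anything executed out of a user-writable directory as a hit regardless of its name.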

MITRE ATT&CK Enterprise v15