
General

  • Target

    4e18e09ebe9904bcc1665a03ccf7289c_JaffaCakes118

  • Size

    139KB

  • Sample

    240331-fw7essec7z

  • MD5

    4e18e09ebe9904bcc1665a03ccf7289c

  • SHA1

    682123a35c4ab059373eff365ad65302e00d5436

  • SHA256

    9a0a90027d20cb15d3be76724f39f8b99e68837a2e0f8a781de7b3ae2895611a

  • SHA512

    b65944c65ce2a516e4a22d0c7c390c0cf4170d75f47a5a7c40734f63c51690a2fccaab5f3b46532443441c836ba23fadd79726ee86582af82bfa11bd5d1efbda

  • SSDEEP

    3072:Uk3hOdsylKlgxopeiBNhZFGzE+cL2kdAXc6YehWfGjtUHKGDbpmsiiB9030K+lrq:Uk3hOdsylKlgxopeiBNhZF+E+W2kdAXZ

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper: http://194.104.136.62/45382.2186247685.dat
    xlm40.dropper: http://23.106.125.248/45382.2186247685.dat
    xlm40.dropper: http://79.141.165.17/45382.2186247685.dat

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper: http://194.104.136.62/45382.2185143519.dat
    xlm40.dropper: http://23.106.125.248/45382.2185143519.dat
    xlm40.dropper: http://79.141.165.17/45382.2185143519.dat

Targets

    • Target

      4e18e09ebe9904bcc1665a03ccf7289c_JaffaCakes118 (hashes and size as listed under General above)

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks