General

  • Target

    75b4238c2f85004e081db828b23a5cec_JaffaCakes118

  • Size

    542KB

  • Sample

    240401-vp6bgsac4w

  • MD5

    75b4238c2f85004e081db828b23a5cec

  • SHA1

    49de5b1aa6a602788242a5e903ec2b55143c0231

  • SHA256

    b2faad8a27986b771bf08154f5cf8f0557d924f99569243079255da2ef460ba0

  • SHA512

    42cef1f3667ae2d6760c578ba0a842cdebb86b6a9ed1f508521b6364f9ad95caf1b68904831ef4cdacbbe7a22a52eef0bc6639a5959bbc0c7ddab0bacd3beef9

  • SSDEEP

    12288:uz7ypuBB3IpMiw4Ef6M84ntMeBAofagCuOqPikH5m:WAuBBfUM8eB1fCuZPnm

Score
10/10

Malware Config

Extracted

Language: xlm4.0

Source          URLs
xlm40.dropper   http://190.14.37.236/45383.7161570602.dat
xlm40.dropper   http://101.99.90.73/45383.7161570602.dat
xlm40.dropper   http://194.36.191.16/45383.7161570602.dat

Extracted

Language: xlm4.0

Source          URLs
xlm40.dropper   http://190.14.37.236/45383.7160831019.dat
xlm40.dropper   http://101.99.90.73/45383.7160831019.dat
xlm40.dropper   http://194.36.191.16/45383.7160831019.dat

Targets

    • Target

      75b4238c2f85004e081db828b23a5cec_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
