General

  • Target

    a8bc890acfe5e57cf3d01900aebd544f_JaffaCakes118

  • Size

    542KB

  • Sample

    240403-2qr9ksfb5t

  • MD5

    a8bc890acfe5e57cf3d01900aebd544f

  • SHA1

    4019fbfaffbcb131ec9b2ebeb3701c5ac70b4f38

  • SHA256

    60124b0a5822debc0cb0e7c877c74fee1bf50bac82dbdd5dc8e664cf487daed1

  • SHA512

    ed5b0d358a22738fca472afe54d673355c5ed7b49e59491cf25faca7dc83ba7a2e49ae160643c7ec5f5cdb9974dc58cb0670d4025bb634418b09ec972efb9714

  • SSDEEP

    12288:lz7ypuBB3IpMiw4Ef6M84ntMeBAofagCuOqPikH5P:xAuBBfUM8eB1fCuZPnP

Score
10/10

Malware Config

Extracted

Language: xlm4.0

Source         URLs
xlm40.dropper  http://94.140.112.22/45385.9497212963.dat
xlm40.dropper  http://80.92.206.79/45385.9497212963.dat
xlm40.dropper  http://23.106.125.39/45385.9497212963.dat

Extracted

Language: xlm4.0

Source         URLs
xlm40.dropper  http://94.140.112.22/45385.9497405093.dat
xlm40.dropper  http://80.92.206.79/45385.9497405093.dat
xlm40.dropper  http://23.106.125.39/45385.9497405093.dat

Targets

    • Target

      a8bc890acfe5e57cf3d01900aebd544f_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
