General

  • Target

    a4a76c9ae8211bcd264532909f8c2875_JaffaCakes118

  • Size

    136KB

  • Sample

    240403-x7e85aag84

  • MD5

    a4a76c9ae8211bcd264532909f8c2875

  • SHA1

    4b9dcfd9c92c956f17a48a1b9dd2299f328a08e5

  • SHA256

    167a95957c76896288917c0d90f05bfa1c5761c048199fafd334d414b0296f45

  • SHA512

    4a2150fac8acfb60a2d4408a2df2d9b4d7b31eed7705bb96f9fb7a82b77423434889226209ac2f6b31befec36b92965463b3bf8b70ec051d83a942a58dfbf4f3

  • SSDEEP

    3072:vk3hOdsylKlgxopeiBNhZFGzE+cL2kdA6c6YehWfGMtUHKGDbpmsiitGmZyAqgOb:vk3hOdsylKlgxopeiBNhZF+E+W2kdA6m

Score
10/10

Malware Config

Extracted

Language
xlm4.0

Source / URLs

  • xlm40.dropper: http://188.165.62.61/45385.8122012731.dat

  • xlm40.dropper: http://79.141.171.170/45385.8122012731.dat

  • xlm40.dropper: http://185.244.150.138/45385.8122012731.dat

Targets

    • Target

      a4a76c9ae8211bcd264532909f8c2875_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.