General

  • Target: 06d0ab6a3e82d72a9fa32a8a126093ed_JaffaCakes118
  • Size: 1.8MB
  • Sample: 240429-e3hjksac27
  • MD5: 06d0ab6a3e82d72a9fa32a8a126093ed
  • SHA1: d36d641b92a9710e03828afa17c098bf5050c3ec
  • SHA256: 5e11b619c6ec7683fe55f0e61dbebeda414d2a2917d5873c7567fb0341d1a5a0
  • SHA512: db55e407cc2754e737b0bfe0d61c6170df1cfb1e1743792bc8ab1379564de9a657ee0691a8f6d9320dc6edc335c4d72bdba2c0f52a94a68eefb7d72d01926921
  • SSDEEP: 49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82SflDrl7:NABc

Score
10/10

Malware Config

Targets

    • Target: 06d0ab6a3e82d72a9fa32a8a126093ed_JaffaCakes118 (1.8MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to those listed under General)
    • Score: 10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks