General

  • Target

    0fe8024219742a269712cfa35bcf3902_JaffaCakes118

  • Size

    182KB

  • Sample

    240503-hjcqrshc9y

  • MD5

    0fe8024219742a269712cfa35bcf3902

  • SHA1

    ad2a753062358ece641c1449c65a6fa49e68e5d2

  • SHA256

    2caf05fb34bd7d621953ca25eb813c6ed8bcbda224727f82e072e3417ab2fa65

  • SHA512

    915c6745fa0bd520784c472612b51056ab8ca6a0e9c134f5a23ebd12f89c31ce645d21e0019ce4043ea5b53a5bf7880430c5383b77627186aa173246b50e9bf2

  • SSDEEP

    3072:9Ny2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUzasiv8Ok7X:9Ny2k4PF7tGiL3HJk9rD7bzasiv8RD

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://diwafashions.com/wp-admin/mqau6/
    http://designers.hotcom-web.com/ubkskw29clek/qnpm1p/
    http://dixartcontractors.com/cgi-bin/nnuv/
    http://diaspotv.info/wordpress/G/
    http://easyvisaoverseas.com/cgi-bin/v/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks