General

  • Target

    14daa4102435e660c6bb0ee22647be5f_JaffaCakes118

  • Size

    249KB

  • Sample

    240504-2xe8laed2w

  • MD5

    14daa4102435e660c6bb0ee22647be5f

  • SHA1

    2d5e7f62e05070d47172f78261fcd51981d729f4

  • SHA256

    be308880645b0a69fc1542b416dc00d1af234a51bfc2bb94ab8f499474fc605f

  • SHA512

    6c46362575444c328a9259034cf92aff13580d2e40da94826b0cdd0de82a22618c479d52874c48b30237e492e1250c63bf301a886b23f37c66f549a562c47d5c

  • SSDEEP

    3072:YyfLEIteDJp626aAaP/2iFsPZkjL/xSu90OoiLuDKZXfwKeljR1B:YyfL8Ozda32rZSxUOmD+XfwLl

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://bestprogrammingbooks.com/wp-admin/caD67CPRUd

exe.dropper

http://www.pabloteixeira.com/xoUPk7FI

exe.dropper

http://shoesstockshop.ru/xxLR1CX

exe.dropper

http://maisonvoltaire.org/EsUDRwECHV

exe.dropper

http://xaydungphuongdong.net/C2AGBs7Ah

Targets

    • Target

      14daa4102435e660c6bb0ee22647be5f_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
