General

  • Target

    16ea5d66df1706dee374737e0af072ba_JaffaCakes118

  • Size

    172KB

  • Sample

    240505-kveqlsch6x

  • MD5

    16ea5d66df1706dee374737e0af072ba

  • SHA1

    8bb0e715e57ead75d33265a28329b4adb693dd7f

  • SHA256

    a162bffd2c7937b14cbc56696db2b2a7a964b9998e204c32edaa94c4de1cddc1

  • SHA512

    a5af0e7d61d37f672223e9dcccc2abd536dd67256f5ba624846ce89439ab21d00c9980c816a68ba1894f5b57fa56370776116d3ca87bde52e200097ab31ac938

  • SSDEEP

    1536:erdi1Ir77zOH98Wj2gpngR+a9LpxO8nq78ct2PU7MXKSSxH5pcKaJn57y2t:erfrzOH98ipgekB57V

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    http://rhyton-building.com/wp-admin/Ey8qV0/
    http://ezzll.com/wp-includes/KIU2WU/
    http://tellmetech.com/wp-content/4ka/
    https://elmundodelareposteria.com/wp-admin/0PVVmJm/
    https://manuelrozas.cl/assets/XWN/
    https://haritdharni.com/wp-admin/bZM/
    https://theworks-group.com/site/pQT6j5/

Targets

    • Target

      16ea5d66df1706dee374737e0af072ba_JaffaCakes118

    • Size

      172KB

    • MD5

      16ea5d66df1706dee374737e0af072ba

    • SHA1

      8bb0e715e57ead75d33265a28329b4adb693dd7f

    • SHA256

      a162bffd2c7937b14cbc56696db2b2a7a964b9998e204c32edaa94c4de1cddc1

    • SHA512

      a5af0e7d61d37f672223e9dcccc2abd536dd67256f5ba624846ce89439ab21d00c9980c816a68ba1894f5b57fa56370776116d3ca87bde52e200097ab31ac938

    • SSDEEP

      1536:erdi1Ir77zOH98Wj2gpngR+a9LpxO8nq78ct2PU7MXKSSxH5pcKaJn57y2t:erfrzOH98ipgekB57V

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks