General

  • Target

    17791bac7754950867e1dae692f812ca_JaffaCakes118

  • Size

    190KB

  • Sample

    240505-nngheaca62

  • MD5

    17791bac7754950867e1dae692f812ca

  • SHA1

    93d20b3d1f885dab43c3cbe4cbdd27fe3c343f21

  • SHA256

    cb488450f7c6cb90bdc78dc2e6febe6e9eb0f44713212f6737a5d686a5c682ce

  • SHA512

    cefc2275279b7aa22ec18d3f6959bdd6f7532a3f75e9c4919c0270f8a0469b7f58fef6c8cd00065b26b3ee4e92e651fcb6721b3dfb73d3a1d3a137671e568cc6

  • SSDEEP

    3072:uvHv22TWTogk079THcpOu5UZpNu81zUz4LKTJ:E/TX07hHcJQbuezUEL8J

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
