General

  • Target

    17c1864a92b2089696428c6ba3610db1_JaffaCakes118

  • Size

    159KB

  • Sample

    240505-p36aradg36

  • MD5

    17c1864a92b2089696428c6ba3610db1

  • SHA1

    16961ba6c5f19d189a3aed4654abe31736e15cd8

  • SHA256

    ff89c1fbff53a20e37f95ba53c554cc3e185ffea3af08c722c963aced19af949

  • SHA512

    9960386f6be5b06121e3ef9643722653cabe417fb43e25cbec3f51f6830b7746c030c168931c2b711cb33ce216c68e4a008b0867009217fe3cc65b6917120786

  • SSDEEP

    1536:+iaqasrdi1Ir77zOH98Wj2gpngx+a9CxRiqLE8ct2PU7eXKSSxH5ppJxuFWD:+0rfrzOH98ipgqkJxuFWD

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    http://77yxx.com/b5rh/bZxS/
    http://shahramookht.com/t1k12k7t/8jq/
    http://www.aciitaly.com/adminer-master/gkI/
    https://codelta.es/images/9S35FR/
    https://burstoutloud.com/PPL/Hf/
    https://targetin.com/Silder-1/naK/
    http://dbestfishing.com.sg/67s/wfe/

Targets

    • Target

      17c1864a92b2089696428c6ba3610db1_JaffaCakes118 (hashes as listed under General above)

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks