General

  • Target

    24cecf78cc9e295d308dc40cd4bfdb7e_JaffaCakes118

  • Size

    191KB

  • Sample

    240508-phn6qscb3y

  • MD5

    24cecf78cc9e295d308dc40cd4bfdb7e

  • SHA1

    5f7c0857acbf88cd45e1f98c4a125c948cb41162

  • SHA256

    2bc8e76e92e5fe4a27e7bcdf6b5982ba7da19098c3df9d8105b34118144a94e9

  • SHA512

    b67e1fb94ff126b1dcd93d254c875dd18778824b0ac5360486b553e09d7da1e2f2490ee5efef84d0242bf5d2204d364d55bff5f625f6a1e1c90aa113f202df0d

  • SSDEEP

    3072:i9ufstRUUKSns8T00JSHUgteMJ8qMD7gjI0zKNf9cfmfE7qdmVJKk/Juvc5a8a8B:i9ufsfgIf0pLLKbW

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
