General

  • Target

    252e85754eb62e98143dd84ac68c12fe_JaffaCakes118

  • Size

    175KB

  • Sample

    240508-rbyspsga8w

  • MD5

    252e85754eb62e98143dd84ac68c12fe

  • SHA1

    10ec6cc360c0dee071edc72d74fa26da2d4b1ddc

  • SHA256

    d35c221d6da8fb62ac4d9b14ed2a8112b1d26af20f8f82a0ee4b60fcaa759903

  • SHA512

    d9eb880715fcc4446b5ecf1c24c324487fe9c4d0c35e9f94830fc77128dc856bf43cd22c2f4d2811b793cd49130469d3ec33a88ce84587d1b65b81a1f6ae81de

  • SSDEEP

    1536:trdi1Ir77zOH98Wj2gpngx+a9pGmLtHzZ:trfrzOH98ipgxFzZ

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
