General

  • Target

    2c4bd045791506a7b824d6c30a4d3346_JaffaCakes118

  • Size

    175KB

  • Sample

    240509-3srw9shd22

  • MD5

    2c4bd045791506a7b824d6c30a4d3346

  • SHA1

    74c2a3b338288b5f779e099007da05084ce43990

  • SHA256

    0de620338216a3c13ea8a4d29f48ec20723321277d41c14f17c94fd8282dc32a

  • SHA512

    f9e82c64136ad92fb1a5e6243b51c2f344e4400b5ef900385e8cea73dc9f32003f71a3d8ad525c2212c46e023f7f97c870e1d06a1fb8ec3468bd49730ba6ee93

  • SSDEEP

    3072:e20EgXSimeOy6MzJiNKDzaJFUKc0UTE7yZRUV7RJeOzi8E:e2yXrmaMEDzYUTE7yZRVUi8E

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://salah.mobiilat.com/e24sv6_38Ihrh_nVYqny

exe.dropper

http://panlierhu.com/XMy9MFv1_pDQsD

exe.dropper

http://salecar2.muasam360.com/wp-content/9z7_MFL011

exe.dropper

http://afordioretails.com/D4Rm_Eugj

exe.dropper

http://thanhlapdoanhnghiephnh.com/kbCg0oh0_rNNj4TLtq_K

Targets

    • Target

      2c4bd045791506a7b824d6c30a4d3346_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
