Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    28a52112efdfd3ec1b30ee75d79c98a4_JaffaCakes118

  • Size

    186KB

  • Sample

    240509-gwg1ksgf69

  • MD5

    28a52112efdfd3ec1b30ee75d79c98a4

  • SHA1

    b4a57f3074b8f22eb93fd7f695bd4a0bbaa33035

  • SHA256

    200ab165378e9785d6c3add4e5a2738f94fa6db69ec0ad5459a177b241194020

  • SHA512

    78f97772ca59954b3a91efaa26c54558446fd4baae573fcc9e5f37e33f2873f7e9fa4f414fa90e729ac0227adfe8ba84644505057d4120d2496af92546e24f00

  • SSDEEP

    1536:qI491Y2wcI491Y2w+4tcTv8kvjEuJ0dH5L0c4vs3ti18NmIIP4ovlnoR+a9iXljb:A4tcTvjvTY140818tIP4ovpD1jnuPk

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://loungegangnam.com/4W/dz/

exe.dropper

http://indyoverheaddoors.com/wp-includes/pZ/

exe.dropper

http://geoffoglemusic.com/wp-admin/w/

exe.dropper

http://giral2.com/wp-includes/0e/

exe.dropper

https://www.lunalysis.com/wordpress/syb/

exe.dropper

http://farli.com/cgi-bin/jK/

exe.dropper

http://goldcoastoffice365.com/temp/wQ/

Targets

    • Target

      28a52112efdfd3ec1b30ee75d79c98a4_JaffaCakes118

    • Size

      186KB

    • MD5

      28a52112efdfd3ec1b30ee75d79c98a4

    • SHA1

      b4a57f3074b8f22eb93fd7f695bd4a0bbaa33035

    • SHA256

      200ab165378e9785d6c3add4e5a2738f94fa6db69ec0ad5459a177b241194020

    • SHA512

      78f97772ca59954b3a91efaa26c54558446fd4baae573fcc9e5f37e33f2873f7e9fa4f414fa90e729ac0227adfe8ba84644505057d4120d2496af92546e24f00

    • SSDEEP

      1536:qI491Y2wcI491Y2w+4tcTv8kvjEuJ0dH5L0c4vs3ti18NmIIP4ovlnoR+a9iXljb:A4tcTvjvTY140818tIP4ovpD1jnuPk

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks