General

  • Target: 2a2442881b7130fdbb2fa25fa2cdc0fb_JaffaCakes118
  • Size: 191KB
  • Sample: 240509-qj4s9aed46
  • MD5: 2a2442881b7130fdbb2fa25fa2cdc0fb
  • SHA1: e1c3e7dda75f30d0f1116be4b8f34a465855b3c2
  • SHA256: a99c9ad593ce0d637ad4526f58ca7493d46ff5142d908d55ef9ee711deefb69b
  • SHA512: ea038c49f0d5a71a601a41203d5424b3a642c7f3c95aaf0670d950f67465174770db55cca39f4ee89657a00108a86d9bbf8127ce950546ce5272f2be04056bf3
  • SSDEEP: 3072:i9ufstRUUKSns8T00JSHUgteMJ8qMD7gjj0zKNf9cfmfE7qdmVJKk/Juvc5a8a8L:i9ufsfgIf0pL8KbS

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Source: URLs
  • URLs (each typed exe.dropper, i.e. a location the PowerShell stage tries for the executable payload):

      http://reklamdasiniz.com/wp-admin/W/
      http://www.paramedicaleducationguidelines.com/wp-admin/7S/
      http://bimasoftcbt.maannajahjakarta.com/wp-admin/i3K/
      http://casualhome.com/wp-admin/Y/
      https://aemine.vn/wp-admin/KMq/
      http://aahnaturals.net/wp-includes/A3/
      https://sbsec.org/bsadmin-portal/1nf/
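The extracted config above is what an analyst actually wants to turn into blocklist entries. The following is an added example, not code from tria.ge or from the sample: it parses the flattened "Extracted" block exactly as it appears in this report (copied into CONFIG_TEXT so it runs offline), separates the kind tag (exe.dropper) from each URL, defangs the URLs for a ticket, and reduces them to a host blocklist. The helper names (parse_config, defang, host_blocklist, url_is_listed) are this example's own.

```python
"""Parse a tria.ge "Malware Config / Extracted" block into usable IOCs.

Added example; not code from tria.ge or from the sample.  CONFIG_TEXT is the
report's extracted config copied in verbatim so the script runs offline; the
helper names are this example's own.
"""
import re
from urllib.parse import urlsplit

# Copied from the report's "Extracted" section (flattened table layout).
CONFIG_TEXT = """
Language
ps1
Source
URLs
exe.dropper

http://reklamdasiniz.com/wp-admin/W/

exe.dropper

http://www.paramedicaleducationguidelines.com/wp-admin/7S/

exe.dropper

http://bimasoftcbt.maannajahjakarta.com/wp-admin/i3K/

exe.dropper

http://casualhome.com/wp-admin/Y/

exe.dropper

https://aemine.vn/wp-admin/KMq/

exe.dropper

http://aahnaturals.net/wp-includes/A3/

exe.dropper

https://sbsec.org/bsadmin-portal/1nf/
"""

URL_RE = re.compile(r"^https?://\S+$", re.IGNORECASE)
HEADERS = {"Source", "URLs"}  # column headers of the flattened table


def parse_config(text):
    """Return (language, [(kind, url), ...]) from the flattened block.

    Layout: a 'Language' line followed by its value, the column headers
    'Source'/'URLs', then repeated pairs of a kind line (e.g. exe.dropper)
    and the URL it applies to.  Blank lines are ignored.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    language, entries, kind = None, [], None
    i = 0
    while i < len(lines):
        ln = lines[i]
        if ln == "Language" and i + 1 < len(lines):
            language = lines[i + 1]
            i += 2
            continue
        if ln in HEADERS:
            i += 1
            continue
        if URL_RE.match(ln):
            if kind is None:
                raise ValueError("URL without a preceding kind: " + ln)
            entries.append((kind, ln))
            kind = None
        else:
            kind = ln
        i += 1
    return language, entries


def defang(url):
    """hxxp://example[.]com/... form so the IOC cannot be clicked by accident."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def host_blocklist(entries):
    """Unique hostnames, sorted.  The path token (W/, 7S/, ...) is per-campaign
    and not worth matching on; the host is what a proxy or DNS block needs."""
    return sorted({urlsplit(url).hostname for _, url in entries})


def url_is_listed(url, hosts):
    """True if url's host, or a parent domain of it, is on the blocklist."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in hosts)


if __name__ == "__main__":
    lang, entries = parse_config(CONFIG_TEXT)
    print("language:", lang)
    for kind, url in entries:
        print(kind, defang(url))
    print("hosts:", host_blocklist(entries))
```

Matching on host rather than full URL is deliberate: the directory token after wp-admin/ or wp-includes/ differs per site and would be trivially rotated, while the compromised hosts are what outbound filtering can act on.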

Targets

    • Target: 2a2442881b7130fdbb2fa25fa2cdc0fb_JaffaCakes118
    • Size: 191KB
    • MD5: 2a2442881b7130fdbb2fa25fa2cdc0fb
    • SHA1: e1c3e7dda75f30d0f1116be4b8f34a465855b3c2
    • SHA256: a99c9ad593ce0d637ad4526f58ca7493d46ff5142d908d55ef9ee711deefb69b
    • SHA512: ea038c49f0d5a71a601a41203d5424b3a642c7f3c95aaf0670d950f67465174770db55cca39f4ee89657a00108a86d9bbf8127ce950546ce5272f2be04056bf3
    • SSDEEP: 3072:i9ufstRUUKSns8T00JSHUgteMJ8qMD7gjj0zKNf9cfmfE7qdmVJKk/Juvc5a8a8L:i9ufsfgIf0pL8KbS

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
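The three signatures above describe behaviours, not specific processes or files, so it is worth seeing what they look like as detection logic over endpoint telemetry. The following is an added example, not code from tria.ge: it encodes each signature as a rule and replays it over constructed Sysmon-style process-create, network-connect and file-create events. The report names neither the parent process nor the dropped file, so the Office parent set, the shell/LOLBin sets, the servicing allowlist, the image paths and the placeholder file name are this example's assumptions, chosen to fit the "macro" wording of the first signature and the ps1 stage in the config.

```python
"""Replay the report's three behavioural signatures over constructed telemetry.

Added example, not code from tria.ge.  The events are constructed to resemble
Sysmon-style process-create, network-connect and file-create records; the
report names neither the parent process nor the dropped file, so the image
names, paths, hosts and the allow/block sets below are this example's
assumptions.
"""
from dataclasses import dataclass
from typing import Optional
import ntpath

# Assumed: document/mail applications that should not be spawning shells.
MACRO_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Assumed: children whose appearance under those parents is the "unexpected child".
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Assumed: script hosts and LOLBins that an egress policy treats as blocklisted.
NET_BLOCKLIST = {"powershell.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe", "certutil.exe"}
# Assumed: servicing processes that legitimately write into System32.
SERVICING = {"trustedinstaller.exe", "tiworker.exe", "msiexec.exe"}
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Event:
    kind: str                     # "process", "network" or "file"
    image: str                    # path of the acting process
    parent: Optional[str] = None  # process events: parent image path
    dest: Optional[str] = None    # network events: destination host
    path: Optional[str] = None    # file events: created file path


def base(path):
    return ntpath.basename(path).lower()


def unexpected_child(ev):
    """'Process spawned unexpected child process': Office parent -> shell child."""
    return (ev.kind == "process" and ev.parent is not None
            and base(ev.parent) in MACRO_HOSTS and base(ev.image) in SHELLS)


def blocklisted_network(ev):
    """'Blocklisted process makes network request'."""
    return ev.kind == "network" and base(ev.image) in NET_BLOCKLIST


def drops_in_system32(ev):
    """'Drops file in System32 directory' by anything other than servicing."""
    return (ev.kind == "file" and ev.path is not None
            and ev.path.lower().startswith(SYSTEM32)
            and base(ev.image) not in SERVICING)


RULES = (unexpected_child, blocklisted_network, drops_in_system32)


def run_rules(events):
    """Return [(rule_name, event_index), ...] for every rule that fires."""
    hits = []
    for idx, ev in enumerate(events):
        for rule in RULES:
            if rule(ev):
                hits.append((rule.__name__, idx))
    return hits


# Constructed telemetry: a macro launching PowerShell, PowerShell fetching the
# first exe.dropper host from the report, then writing under System32,
# followed by three benign events that must not fire.
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
WINWORD = "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"
SAMPLE_EVENTS = [
    Event("process", PS, parent=WINWORD),
    Event("network", PS, dest="reklamdasiniz.com"),
    Event("file", PS, path="C:\\Windows\\System32\\dropped.exe"),  # placeholder name, assumed
    Event("process", WINWORD, parent="C:\\Windows\\explorer.exe"),
    Event("network", "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", dest="example.com"),
    Event("file", "C:\\Windows\\servicing\\TrustedInstaller.exe",
          path="C:\\Windows\\System32\\drivers\\x.sys"),
]

if __name__ == "__main__":
    for name, idx in run_rules(SAMPLE_EVENTS):
        print(f"{name:<20} fired on event {idx}: {SAMPLE_EVENTS[idx]}")
```

The System32 rule keys on the writer's image name rather than on its location because powershell.exe itself lives under System32; an "image outside System32" check would miss exactly the writer this report flags.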

MITRE ATT&CK Enterprise v15

Tasks