
General

  • Target: 358d0deb05e22e9190356f31814cc768_JaffaCakes118
  • Size: 323KB
  • Sample: 240511-t6w9gaaf48
  • MD5: 358d0deb05e22e9190356f31814cc768
  • SHA1: fd5b594092d9c0956c58fa784aeac6b33db728c6
  • SHA256: 8f3d11ee0a6f59a0a86ea7bb4989e22cf4463d729f8aabb931457556aaf87797
  • SHA512: 427f57f2f4f0b78ff99550c1566f2a2fa9b503a67bec2ce02b2ceca3a226d51d921d2294e0728a1bdfc36039288d4fa418b6b95fe63732677de8127e9d0ab306
  • SSDEEP: 6144:AG5/BnVfRFJ7KK9aHScdX9znGUbd7e1+gsIUF25Q/YB2KBhCET/Gh:A2n9R/lA5dX9znGUbwggaFJ/YBTT/2

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (type exe.dropper):
      http://katleyafloreria.com/n0vpOjlS
      http://ingramjapan.com/h9XwHYQu
      http://farmsys.scketon.com/GKGY9e4v
      http://truenorthtimber.com/CSncj8f
      http://karditsa.org/ohCJotRf8F

Targets

    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Drops file in System32 directory
