General

  • Target

    409e6844a25e1e2066eda833da6968e7_JaffaCakes118

  • Size

    159KB

  • Sample

    240514-hv9vmsee6y

  • MD5

    409e6844a25e1e2066eda833da6968e7

  • SHA1

    66a4f1bec5bccc0c85ee37e7e6c6783758f0da11

  • SHA256

    e82e2f66ed32cd20f0d00ec484e270ab47084cb2fe8f88e1f00b9eb507e30168

  • SHA512

    d7647dc3360f763be2a64edc2f72a16d29ac7a8bcc99313e33068cd59fd56976c3906af03f125bb050b4873f9185d364610abf5ea4adb77eafc99522efe20627

  • SSDEEP

    1536:+iaqasrdi1Ir77zOH98Wj2gpngx+a9hxRiqLE8ct2PU7eXKSSxH5ppJxjFWT:+0rfrzOH98ipgZkJxjFWT

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper

    http://77yxx.com/b5rh/bZxS/
    http://shahramookht.com/t1k12k7t/8jq/
    http://www.aciitaly.com/adminer-master/gkI/
    https://codelta.es/images/9S35FR/
    https://burstoutloud.com/PPL/Hf/
    https://targetin.com/Silder-1/naK/
    http://dbestfishing.com.sg/67s/wfe/

Targets

    • Target

      409e6844a25e1e2066eda833da6968e7_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
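
Added example, not part of the Triage report and not Triage's own signature logic: a Python sketch of the detection behind the "unexpected child process" and "blocklisted process makes network request" signatures above, run over constructed Sysmon-style process-creation (Event ID 1) and network-connection (Event ID 3) records. It flags an Office parent spawning a script host or shell, then checks whether that child's outbound connections reach any host from the exe.dropper URL list in the Malware Config section. The field names follow Sysmon's (Image, ParentImage, ProcessId, DestinationHostname, DestinationPort); every event value, pid and the benign github.com connection are constructed here and are not from the sandbox run.

```python
"""Parent/child anomaly detection joined with the extracted dropper URLs.

Added example for this report; the events below are constructed, not captured.
"""
from urllib.parse import urlsplit

# URLs copied verbatim from the "Malware Config" section of this report.
DROPPER_URLS = [
    "http://77yxx.com/b5rh/bZxS/",
    "http://shahramookht.com/t1k12k7t/8jq/",
    "http://www.aciitaly.com/adminer-master/gkI/",
    "https://codelta.es/images/9S35FR/",
    "https://burstoutloud.com/PPL/Hf/",
    "https://targetin.com/Silder-1/naK/",
    "http://dbestfishing.com.sg/67s/wfe/",
]

# Parents that have no business launching script hosts or shells (assumed list).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Children that a macro or exploit typically uses to stage a payload (assumed list).
SUSPICIOUS_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}

# Constructed Sysmon-style Event ID 1 (process creation) records.
PROC_EVENTS = [
    {"ProcessId": 2988, "Image": r"C:\Windows\explorer.exe",
     "ParentImage": r"C:\Windows\System32\userinit.exe"},
    {"ProcessId": 3412, "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "ParentImage": r"C:\Windows\explorer.exe"},
    # An admin opening a shell from Explorer: same child, benign parent.
    {"ProcessId": 3900, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    # The pattern the signature describes: Word launching PowerShell.
    {"ProcessId": 4120, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
]

# Constructed Event ID 3 (network connection) records.
NET_EVENTS = [
    {"ProcessId": 3900, "DestinationHostname": "github.com", "DestinationPort": 443},
    {"ProcessId": 4120, "DestinationHostname": "77yxx.com", "DestinationPort": 80},
    {"ProcessId": 4120, "DestinationHostname": "shahramookht.com", "DestinationPort": 80},
]


def basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def dropper_hosts(urls=DROPPER_URLS):
    """Set of lower-cased hostnames from the extracted config."""
    return {urlsplit(u).hostname.lower() for u in urls}


def defang(url):
    """Render a URL safely for a report: hxxp(s):// and [.] in the host."""
    parts = urlsplit(url)
    host = parts.hostname.replace(".", "[.]")
    return f"{parts.scheme.replace('http', 'hxxp')}://{host}{parts.path}"


def unexpected_children(proc_events):
    """(parent, child, pid) for every Office parent that spawned a script host or shell."""
    hits = []
    for ev in proc_events:
        parent, child = basename(ev["ParentImage"]), basename(ev["Image"])
        if parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN:
            hits.append((parent, child, ev["ProcessId"]))
    return hits


def correlate(proc_events, net_events, urls=DROPPER_URLS):
    """(pid, host, port) for connections by a flagged child to a known dropper host."""
    hosts = dropper_hosts(urls)
    flagged = {pid for _, _, pid in unexpected_children(proc_events)}
    return [(ev["ProcessId"], ev["DestinationHostname"], ev["DestinationPort"])
            for ev in net_events
            if ev["ProcessId"] in flagged and ev["DestinationHostname"].lower() in hosts]


def urls_for_host(host, urls=DROPPER_URLS):
    """Defanged config URLs whose host matches, for inclusion in a finding."""
    return [defang(u) for u in urls if urlsplit(u).hostname.lower() == host.lower()]


if __name__ == "__main__":
    for parent, child, pid in unexpected_children(PROC_EVENTS):
        print(f"unexpected child: {parent} -> {child} (pid {pid})")
    for pid, host, port in correlate(PROC_EVENTS, NET_EVENTS):
        print(f"pid {pid} contacted dropper host {host}:{port}: {urls_for_host(host)}")
```

The Explorer-launched PowerShell (pid 3900) is deliberately not flagged: the signature is about the parent, not the child, and a rule on powershell.exe alone would page on every administrator. The network stage only consults connections from already-flagged pids, so a benign process resolving one of these domains (a crawler, a security scanner) does not become a finding by itself.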

MITRE ATT&CK Enterprise v15

Tasks