
General

  • Target: 4d8721014a4b725904caefafb0b0648d_JaffaCakes118
  • Size: 190KB
  • Sample: 240516-3caytaea65
  • MD5: 4d8721014a4b725904caefafb0b0648d
  • SHA1: 49793c41dd2a025430b9ef2efc1a8f92350e7d74
  • SHA256: 33e168b521382917594b49a8c47277c2f6dab44b32fa8e09073ec5f80ccd1480
  • SHA512: 17723e10055874d2aa1004f87af86446fc836ac4515e7e290b8d1551508bece27230e1f64047a17768a0b5bb1fd6afa28078a7ca89b228aa643a64518bf86761
  • SSDEEP: 3072:i9ufstRUUKSns8T00JSHUgteMJ8qMD7gj+0zKNf9cfmfE7qdmVJKk/Juvc5a8a8b:i9ufsfgIf0pLhKby

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Source: exe.dropper
  • URLs (exe.dropper):
    • http://reklamdasiniz.com/wp-admin/W/
    • http://www.paramedicaleducationguidelines.com/wp-admin/7S/
    • http://bimasoftcbt.maannajahjakarta.com/wp-admin/i3K/
    • http://casualhome.com/wp-admin/Y/
    • https://aemine.vn/wp-admin/KMq/
    • http://aahnaturals.net/wp-includes/A3/
    • https://sbsec.org/bsadmin-portal/1nf/

Targets

    • Target: 4d8721014a4b725904caefafb0b0648d_JaffaCakes118 (size and hashes as listed under General)

    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks