General

  • Target: 49acfa0b1afdf8f4f9b7897d08e94af2_JaffaCakes118
  • Size: 193KB
  • Sample: 240516-gk7rvsef9t
  • MD5: 49acfa0b1afdf8f4f9b7897d08e94af2
  • SHA1: 09108ee9c7a5ac9227556d185ceb22c257243b13
  • SHA256: 41a035835264e22d0533d34539e7ae0db8573b8b7bb013a5ad3fddfc6965884c
  • SHA512: 1b52521374bd8a85f1473d3cb944201817000d43b015dfc940b4a83e8dea1acacd59e7a158633306d33bdba1fef53616d578561d03154f716bc596a29b646f46
  • SSDEEP: 1536:DGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xilqfqdFTaFVT/EA8s9p8cjMfmVS8:+rfrzOH98ipgad58cIk

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Source: URLs (each tagged exe.dropper)

Targets

    • Target: 49acfa0b1afdf8f4f9b7897d08e94af2_JaffaCakes118

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    • Drops file in System32 directory
