
General

  • Target

    5f1bbe19a2333cb402ac624a46014f28_JaffaCakes118

  • Size

    154KB

  • Sample

    240520-ptr2rsbg6s

  • MD5

    5f1bbe19a2333cb402ac624a46014f28

  • SHA1

    6bcd62ad194559166fbd621ff40d5069cc5b2d38

  • SHA256

    e203577dadb325bd364b0a6609b5aa2b4df457ba261810b3e5416950dff54c8f

  • SHA512

    089efbe2850665db146361b3cf64f9701e93d01dd270f500e0a0206fbdffcd5b8a86cda85a3a08c9af70c66fad01245026237bcf7105f4ba9cbcca8356e7f64c

  • SSDEEP

    1536:cQYIQYjrdi1Ir77zOH98Wj2gpngB+a94+dRXalfAW66uud+BbN+rEw1:vrfrzOH98ipgXRE66uuoBsEw1

Score: 10/10

Malware Config

Extracted

  • Language: ps1

  • Source URLs (type: exe.dropper)

    - http://givingthanksdaily.com/web/VK/
    - http://tskgear.com/wp-content/uploads/2017/Fo/
    - http://duolife-partner.com/wp-content/pE/
    - http://ponturibaschetcristianionut.com/wp-admin/G/
    - https://mrveggy.com/erros/tS1/
    - http://ifarmer.com.br/__MACOSX/2w4/
    - http://uniteddatabase.net/wp-admin/tf/

Targets

    • Target

      5f1bbe19a2333cb402ac624a46014f28_JaffaCakes118

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
