General

  • Target

    6ae87dcf399fd436295324af614bfe7d_JaffaCakes118

  • Size

    83KB

  • Sample

    240523-pe82qsgh26

  • MD5

    6ae87dcf399fd436295324af614bfe7d

  • SHA1

    94961851f49f5b8972bf21eac49a2422265af154

  • SHA256

    e5acae3216827c1b58921810d5440ee5453284b3ebb1637de2cce0f8d60f126f

  • SHA512

    c0a32402c707238b6f733396bf47a3e492fa9aef56e7ab7bd2411d9b297a60813f2eca7dc4beae0ac2f942037e09da08031ec1134ddd8755a61cadf4c1aa7837

  • SSDEEP

    1536:WptJlmrJpmxlRw99NBO+aKz6Qaqya5XJJue+xT:ate2dw99fWqb5zu

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (type exe.dropper: locations the script fetches its executable payload from)

    http://kulikovonn.ru/l5vT7q19U
    http://optics-line.com/vUUp9ygDE
    http://lonestarcustompainting.com/BLC3RY4O
    http://montegrappa.com.pa/OkyoMANm
    http://kristianmarlow.com/mhFm2oA4Q
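The config above lists the five download URLs but not how an analyst gets from a logged PowerShell command line to that list. The Python below is an added example, not the sample's own code and not Triage's extractor: it builds a constructed `-EncodedCommand` one-liner whose decoded body carries the five URLs from this report, decodes it (base64 over UTF-16LE, the encoding powershell.exe expects), pulls the URLs out in the order the dropper would try them, and defangs them for a report. The dropper body around the URL list, the `-enc` wrapping, and the defang style are assumptions.

```python
import base64
import re
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample: a deobfuscated PowerShell dropper body that carries the
# five exe.dropper URLs listed in this report. The surrounding script text is
# a stand-in for illustration, not the sample's own code.
DROPPER_PS1 = (
    "$u='http://kulikovonn.ru/l5vT7q19U@http://optics-line.com/vUUp9ygDE@"
    "http://lonestarcustompainting.com/BLC3RY4O@http://montegrappa.com.pa/OkyoMANm@"
    "http://kristianmarlow.com/mhFm2oA4Q'.Split('@');"
    "foreach($x in $u){ <# download-and-run body omitted #> }"
)


def encode_command(script: str) -> str:
    """Encode a script the way powershell.exe -EncodedCommand expects it:
    base64 over the UTF-16LE bytes of the script text."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed process command line, as an EDR or Sysmon record would log it.
ENCODED_CMDLINE = "powershell.exe -nop -w hidden -enc " + encode_command(DROPPER_PS1)

# powershell.exe accepts any unambiguous prefix of -EncodedCommand.
ENC_FLAG = re.compile(r"(?i)\s-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")
URL_RE = re.compile(r"https?://[^\s'\"@;)]+")


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded script if the command line carries an encoded
    command, else None. Malformed base64 or non-UTF-16 payloads also yield
    None so that one bad record does not abort a batch."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def defang(url: str) -> str:
    """Render a URL so it is not clickable or auto-linked in a report."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def extract_dropper_urls(cmdline: str) -> list:
    """URLs from a (possibly encoded) PowerShell command line, de-duplicated
    and in the order the script would try them."""
    script = decode_encoded_command(cmdline)
    if script is None:
        script = cmdline
    return list(dict.fromkeys(URL_RE.findall(script)))


def iocs(cmdline: str) -> dict:
    """Defanged URL list plus the distinct hosts, ready for a blocklist."""
    urls = extract_dropper_urls(cmdline)
    return {
        "urls": [defang(u) for u in urls],
        "hosts": sorted(urlsplit(u).hostname for u in urls),
    }


if __name__ == "__main__":
    for key, value in iocs(ENCODED_CMDLINE).items():
        print(key, value)
```

Order matters here: droppers of this shape try the URLs in sequence and stop at the first successful download, so the first URL is usually the one seen in network telemetry and the rest are the fallbacks worth blocking before they are used.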

Targets

  • Target

    6ae87dcf399fd436295324af614bfe7d_JaffaCakes118 (83KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

  Score
  10/10

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • An obfuscated cmd.exe command-line is typically used to evade detection.
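The three signatures above name behaviours rather than detection logic. The Python below is an added example, not Triage's signature code: one rule for each behaviour, run over a constructed Sysmon-style event stream (process creations with parent image, and network connections) that mimics a document-to-cmd-to-PowerShell dropper chain. The process allow/block lists, the caret threshold and the sample events are assumptions chosen for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Script hosts that document readers should never spawn (assumed list).
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Parents whose SCRIPT_HOSTS children indicate a macro or exploit (assumed list).
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Processes that have no business initiating outbound connections (assumed list).
NET_BLOCKLIST = SCRIPT_HOSTS | {"certutil.exe", "bitsadmin.exe"}

# cmd.exe obfuscation markers: caret escapes and environment-variable
# substring expansion (e.g. %PUBLIC:~-6,1% yields "P" on a default install).
SUBSTRING_EXPANSION = re.compile(r"%[A-Za-z_][A-Za-z0-9_]*:~-?\d+(?:,-?\d+)?%")
CARET_THRESHOLD = 3  # assumed; tune against your own baseline


@dataclass
class Event:
    kind: str          # "create" (Sysmon EID 1) or "netconn" (Sysmon EID 3)
    image: str         # basename of the process image, lower-case
    parent: str = ""   # parent image for "create" events
    cmdline: str = ""
    dest: str = ""     # "host:port" for "netconn" events


@dataclass
class Finding:
    rule: str
    image: str
    detail: str


# Constructed event stream; none of these lines come from the report.
EVENTS = [
    Event("create", "winword.exe", parent="explorer.exe", cmdline='"WINWORD.EXE" /n invoice.doc'),
    Event("create", "cmd.exe", parent="winword.exe",
          cmdline="cmd /c %PUBLIC:~-6,1%^o^w^e^r^s^h^e^l^l -nop -w hidden -enc JABhAD0AMQA="),
    Event("create", "powershell.exe", parent="cmd.exe",
          cmdline="powershell -nop -w hidden -enc JABhAD0AMQA="),
    Event("netconn", "powershell.exe", dest="kulikovonn.ru:80"),
    Event("create", "chrome.exe", parent="explorer.exe", cmdline='"chrome.exe"'),
    Event("netconn", "chrome.exe", dest="example.com:443"),
]


def rule_unexpected_child(ev: Event) -> Optional[Finding]:
    """Office application spawning a script host."""
    if ev.kind == "create" and ev.parent in OFFICE_APPS and ev.image in SCRIPT_HOSTS:
        return Finding("unexpected_child", ev.image, f"spawned by {ev.parent}")
    return None


def rule_blocklisted_netconn(ev: Event) -> Optional[Finding]:
    """Blocklisted process opening an outbound connection."""
    if ev.kind == "netconn" and ev.image in NET_BLOCKLIST:
        return Finding("blocklisted_netconn", ev.image, f"connected to {ev.dest}")
    return None


def rule_obfuscated_cmd(ev: Event) -> Optional[Finding]:
    """cmd.exe command line assembled with carets or env-var substring tricks."""
    if ev.kind != "create" or ev.image != "cmd.exe":
        return None
    markers = []
    carets = ev.cmdline.count("^")
    if carets >= CARET_THRESHOLD:
        markers.append(f"{carets} caret escapes")
    if SUBSTRING_EXPANSION.search(ev.cmdline):
        markers.append("env-var substring expansion")
    if markers:
        return Finding("obfuscated_cmdline", ev.image, ", ".join(markers))
    return None


RULES = (rule_unexpected_child, rule_blocklisted_netconn, rule_obfuscated_cmd)


def run_rules(events: List[Event]) -> List[Finding]:
    """Apply every rule to every event, in stream order."""
    findings = []
    for ev in events:
        for rule in RULES:
            hit = rule(ev)
            if hit is not None:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in run_rules(EVENTS):
        print(f"{f.rule:20} {f.image:16} {f.detail}")
```

The parent/child rule is the high-confidence one and fires first in the chain; the network rule catches the stage after the obfuscation has already been unwound, which is why both belong in the set even though they overlap on the same intrusion.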
