General

  • Target

    71798c1415bd2c656552ec32c9835538_JaffaCakes118

  • Size

    187KB

  • Sample

    240525-k1gr6acc3t

  • MD5

    71798c1415bd2c656552ec32c9835538

  • SHA1

    51702d9597e77b881c90467455c6479d6a8b7774

  • SHA256

    0ed1adf222903a5b3335427d554d4a74c05a27cfd1a438788c04f3b3d720c002

  • SHA512

    fcaaeaa1556acb2d5181f9ea0706b0d65240f3d118ca5c81cdb22361b908571aae7b9e9164ef730feaa9c97729c5e692973639e2bc9273a410f5d3329b4cd64f

  • SSDEEP

    1536:RGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xilATmd8YkYeT/EA8sap8cjufajnG:vrfrzOH98ipgEh5JYR

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
