General

  • Target

    76e3f55356e2a30593d436ab0880eff8_JaffaCakes118

  • Size

    113KB

  • Sample

    240526-1pbprsdb7t

  • MD5

    76e3f55356e2a30593d436ab0880eff8

  • SHA1

    6b1725b71bf2f01ca5b6b7f4c2b4252c67a6e2b1

  • SHA256

    b76296d33b324195937257e98ff545fa525399c3f54ec9ed090e29a09ea87e5e

  • SHA512

    6d4e48af3634cea0c8f729a171c51b65cb8b9755cf173867cf201a6934a771a315cb3540c0bcd5f47a58ca200fa0d05a052fbf1313717debb7ca5ccf192cfa8c

  • SSDEEP

    1536:0TxjwKZ09cB7y9ghN8+mQ90MTT+aU1E0NpFukKH6FH:4xjnB29gb8on+E0NpFEaFH

Malware Config

Extracted

  • Language

    ps1

Deobfuscated
URLs
exe.dropper

http://baza-shartash.ru/hkqXqT1

exe.dropper

http://anapapoliv.ru/Sp4na

exe.dropper

http://shorecrestschools.com/nnQkN

exe.dropper

http://comicole.com/2HZ

exe.dropper

http://elartedelaaccion.es/6Hyl

Targets

    • Target

      76e3f55356e2a30593d436ab0880eff8_JaffaCakes118

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.
