General

  • Target

    75497caaa52797d58a70cdbe1cb1252c_JaffaCakes118

  • Size

    348KB

  • Sample

    240526-nag7sagc2t

  • MD5

    75497caaa52797d58a70cdbe1cb1252c

  • SHA1

    a3ee3f7b8940dfadfc728b7467679879640f9578

  • SHA256

    cccdcd65247b27e1d3587cc6d365a5dd703954ec578f288ccf2c97b85837b069

  • SHA512

    f3f9ab4f058af45f4b148433f565fa1d602339b52cca84ea8dd1dc1ef59c1c7050cf04421a77dd557e81ddf316a5177ff89bfafb50de5f26d7ca85289b50d2d6

  • SSDEEP

    6144:FbF9t7qqDX+ZUMPyc0vcDDleaLDnKVaG1S/YNe7Y:5D4qr+SMPGv2DleaLDnKkG1fl

Score
10/10

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Drops file in System32 directory
