General

  • Target

    7c29def6f04b4cecf5a030c052ab31ee_JaffaCakes118

  • Size

    229KB

  • Sample

    240528-h77aaaag9x

  • MD5

    7c29def6f04b4cecf5a030c052ab31ee

  • SHA1

    90c030b29c152ee83607efd9d0f02ced4ca30a41

  • SHA256

    54df62d76577ab1dcc9c7245f1bcae17e8b7e93da9016cc284a16001fed3e106

  • SHA512

    d4dd76abd48007e314370f7b901b512a5a9c2eb35a61afffdca2eb0ba42eae25f4387bc056942918f14b9ca21b889a93633998699a52b1ccf95792eb986740bf

  • SSDEEP

    3072:yj6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkw0HzJw9ffRe:yHgtEWPsL/aTyT9Gkw8zJw9ffRe

Score
10/10

Malware Config

Extracted

Language: ps1

Deobfuscated

URLs (all of type exe.dropper):

  • http://arsan.com.br/img_b2w/jstgflap98/
  • http://koester-pb.de/cgi-bin/HoDIPqV/
  • http://aragonmetal.com/_installation/LPMGMZroO/
  • https://www.witdigi.com/wp-content/uploads/iBeE/
  • http://yellowstonefitness.com/j5es7cx/QgLkys4ga64g228/

Targets

    • Target

      7c29def6f04b4cecf5a030c052ab31ee_JaffaCakes118

      (hashes and size identical to the General section above)

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks