General

  • Target

    7c3b5ec5c5e75a2dc9c86c6917e7e813_JaffaCakes118

  • Size

    189KB

  • Sample

    240528-jqlgxscf96

  • MD5

    7c3b5ec5c5e75a2dc9c86c6917e7e813

  • SHA1

    92b29db13a3d43ba1c727970d1da4de02ef08570

  • SHA256

    3bd8620bf36ba8d7e4bfa1477aa62faf1a980ca50783b571fbd71b9e00d36a52

  • SHA512

    cb4a131bf177b258f16921f4ee0e69f3954539ceec8253ae48b137767db6d70596fbdef49a8c65d709b92a2aa824ea320ba1ef22be4a9a37007a64a581f9ea07

  • SSDEEP

    3072:uvHv22TWTogk079THcpOu5UZmNu81zUz4LKpr:E/TX07hHcJQauezUELGr

Score
10/10

Malware Config

Extracted

Language
ps1

Targets

    • Target

      7c3b5ec5c5e75a2dc9c86c6917e7e813_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
