
General

  • Target: 7c6b9dd46ac501c967cab18020c7e73c_JaffaCakes118
  • Size: 79KB
  • Sample: 240528-k3cwzsde6y
  • MD5: 7c6b9dd46ac501c967cab18020c7e73c
  • SHA1: aa9b26e825fccf8baf3be401ac874815e801d8a8
  • SHA256: 2f65b46b0c9b40fb389c4cd9aa06799ea20f4540e33935f57e320e54ab2972a1
  • SHA512: 07643ace8cc2d4ebd386b6596121f9586e735b5f2bc53a9db85aec3229402f7b75f734bd3108614edf60038867a6eda8e346d45f7b0a1f61b8143c5626128e9b
  • SSDEEP: 1536:u0Yt9I9gWX/ZJVh2Q14DRQSwJu3qpcyUnGrJcoRACDq55y0QK7mbU/LJw1OB8JoJ:u0T1nVh2Q1QaJSqp1UnGrJfDquc1/LJ9

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (type: exe.dropper):
    http://webaphobia.com/images/72Ca/
    https://montalegrense.graficosassociados.com/keywords/FOYo/
    http://purimaro.com/1/ww/
    http://jpmtech.com/css/GOOvqd/
    http://118.89.215.166/wp-includes/l5/

Targets

    • Target: 2616278123-May_01_2019.doc
    • Size: 141KB
    • MD5: 812def2bf386d78cc0fc6ec53359abbd
    • SHA1: 3217830b9cf2554343694ed8ef55693a5ec980b1
    • SHA256: 852e62a35876c8ed552591964b889621a672b89c641a585f84f5b9f043f51f1e
    • SHA512: 4e1276a53531ee98b383843c455784b618d3b67d8b4c6aa8b1b40246cb7a5db1a914e4ed3b1953fcdbe3a4b729e9e8a3b5574c25493ca4e40c72ed3479c38995
    • SSDEEP: 3072:k77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qDnFbHjuTNVg6:k77HUUUUUUUUUUUUUUUUUUUT52VEFbHU

    Score: 10/10

    Signatures
    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks