General

  • Target

    7c606c19d1900791c2c410863d8e802c_JaffaCakes118

  • Size

    190KB

  • Sample

    240528-ksmcnsdb2z

  • MD5

    7c606c19d1900791c2c410863d8e802c

  • SHA1

    429ff2c7048112e2693d7f0cd8ee1f7fb824c07a

  • SHA256

    09256feaae44245c56e248adab283c64e4523847450286862fba87f65d6e708d

  • SHA512

    addccbca0f7a5c1dd6118138381ae7ffcb64b3ef900d50492114318ce40ae24505fd50011ed1cef9616bbc7e2e9b1155b597551ff3047dfb95a471307a5eae17

  • SSDEEP

    3072:d377HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qHzXWjPwIlFUjS+IyGm9wYj8t5UaMP:d377HUUUUUUUUUUUUUUUUUUUT52VKgPm

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (type: exe.dropper)

    http://ekokominki.pl/3vp4/l_Op/
    https://giangphan.vn/evhu/s_t/
    http://gkmfx.net/wp-admin/y_v/
    http://dogmates.club/wp-content/uploads/fe_N/
    http://www.iplaz.pt/wp-admin/W_D/
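Worked example, added here and not part of the tria.ge report: turning the five exe.dropper URLs above into normalized and defanged indicators and matching them against proxy logs. The URLs are the ones the report lists; the proxy log lines, their column layout (timestamp, client, method, URL, status) and the two-tier matching are assumptions made for the example. The wp-admin and wp-content/uploads paths in the config point at compromised legitimate sites, so the code treats a host-only match as a lead to triage rather than an exact hit.

```python
"""Normalize, defang and match the exe.dropper URLs from the extracted config.
Added example for this report, not tria.ge code. The five URLs are the ones the
report lists; the proxy log lines and their format are constructed."""
from urllib.parse import urlsplit

# exe.dropper URLs exactly as extracted from the deobfuscated ps1 config.
DROPPER_URLS = [
    "http://ekokominki.pl/3vp4/l_Op/",
    "https://giangphan.vn/evhu/s_t/",
    "http://gkmfx.net/wp-admin/y_v/",
    "http://dogmates.club/wp-content/uploads/fe_N/",
    "http://www.iplaz.pt/wp-admin/W_D/",
]

# Constructed proxy log (format assumed: unix_ts client method url status).
SAMPLE_PROXY_LOG = """\
1716892800.123 10.0.0.15 GET http://gkmfx.net/wp-admin/y_v/ 200
1716892801.456 10.0.0.15 GET http://dogmates.club/wp-content/uploads/fe_N/ 200
1716892802.789 10.0.0.22 GET https://giangphan.vn/about/ 200
1716892803.000 10.0.0.31 GET http://example.com/index.html 200
"""


def normalize(url: str) -> tuple:
    """(host, path): host lowercased, path kept case-sensitive, trailing slash dropped."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    path = parts.path.rstrip("/") or "/"
    return host, path


def defang(url: str) -> str:
    """Rewrite a URL so it cannot be clicked: http -> hxxp, host dots -> [.]."""
    parts = urlsplit(url)
    scheme = parts.scheme.replace("http", "hxxp")
    host = (parts.hostname or "").replace(".", "[.]")
    return f"{scheme}://{host}{parts.path}"


def build_iocs(urls):
    """Two tiers: exact (host, path) pairs, and the bare hosts as weaker signals."""
    exact = {normalize(u) for u in urls}
    hosts = {h for h, _ in exact}
    return exact, hosts


def match_proxy_log(log_text, urls):
    """Return (client, tier, url) for each log line touching a dropper URL or host."""
    exact, hosts = build_iocs(urls)
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        client, url = fields[1], fields[3]
        host, path = normalize(url)
        if (host, path) in exact:
            hits.append((client, "url", url))
        elif host in hosts:
            # Same host, different path: the wp-admin / wp-content/uploads paths
            # in the config suggest compromised legitimate sites, so a host-only
            # hit is a triage lead rather than a block decision.
            hits.append((client, "host", url))
    return hits


if __name__ == "__main__":
    for u in DROPPER_URLS:
        print(defang(u))
    for hit in match_proxy_log(SAMPLE_PROXY_LOG, DROPPER_URLS):
        print(hit)
```

The host is lowercased before comparison but the path is not: the paths in the config (`l_Op`, `W_D`) are case-sensitive on the serving side, and collapsing case there would produce false "url" tier hits.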

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
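Worked example, added here and not tria.ge's own detection logic: the three behavioural signatures above re-created as checks over endpoint process, network and file events. The event layout (one dict per event with Sysmon-like fields), the Office parent set, the script-host child set, the blocklisted network process set and the System32 writer allowlist are all assumptions for the example, and the events are constructed; only the host name gkmfx.net comes from the report's config.

```python
"""Re-create the three behavioural signatures from this report as checks over
endpoint telemetry. Added example, not tria.ge's rules; the event layout
(one dict per event, Sysmon-like fields) and the parent/child/blocklist sets
are assumptions, and the events below are constructed."""

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                   "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Living-off-the-land binaries that should not normally open sockets themselves.
BLOCKLISTED_NET = {"powershell.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe",
                   "certutil.exe", "wscript.exe", "cscript.exe"}
# System components that legitimately write to System32 (assumed allowlist).
SYSTEM32_WRITERS = {"svchost.exe", "tiworker.exe", "trustedinstaller.exe", "msiexec.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed events: one malicious process tree (pid 4321) plus benign noise.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 4321, "image": PS,
     "parent_image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "cmdline": "powershell.exe -nop -w hidden"},
    {"type": "network_connect", "pid": 4321, "image": PS,
     "dest_host": "gkmfx.net", "dest_port": 80},
    {"type": "file_create", "pid": 4321, "image": PS,
     "target": r"C:\Windows\System32\dropped.exe"},
    # Benign noise that must not fire.
    {"type": "process_create", "pid": 5000, "image": PS,
     "parent_image": r"C:\Windows\explorer.exe", "cmdline": "powershell.exe"},
    {"type": "network_connect", "pid": 5100,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest_host": "example.com", "dest_port": 443},
    {"type": "file_create", "pid": 900, "image": r"C:\Windows\System32\svchost.exe",
     "target": r"C:\Windows\System32\config\systemprofile\x.log"},
]


def basename(path: str) -> str:
    """Lowercased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def unexpected_child(ev) -> bool:
    """Office application spawning a script host: exploit or macro in the parent."""
    return (ev["type"] == "process_create"
            and basename(ev["parent_image"]) in OFFICE_PARENTS
            and basename(ev["image"]) in SCRIPT_CHILDREN)


def blocklisted_network(ev) -> bool:
    """A LOLBin opening a network connection (here: the dropper's download stage)."""
    return ev["type"] == "network_connect" and basename(ev["image"]) in BLOCKLISTED_NET


def system32_drop(ev) -> bool:
    """File written under System32 by something other than a known system writer."""
    return (ev["type"] == "file_create"
            and ev["target"].lower().startswith(SYSTEM32)
            and basename(ev["image"]) not in SYSTEM32_WRITERS)


RULES = [
    ("Process spawned unexpected child process", unexpected_child),
    ("Blocklisted process makes network request", blocklisted_network),
    ("Drops file in System32 directory", system32_drop),
]


def evaluate(events):
    """Return {pid: [rule names]} so hits from one process tree stay together."""
    findings = {}
    for ev in events:
        for name, check in RULES:
            if check(ev):
                findings.setdefault(ev["pid"], []).append(name)
    return findings


if __name__ == "__main__":
    for pid, names in evaluate(SAMPLE_EVENTS).items():
        print(pid, names)
```

Grouping findings by pid is what makes the three signatures worth more together than apart: a single PowerShell process that was spawned by Word, then fetched from a dropper host, then wrote into System32 is the sequence this report scores 10/10, whereas any one of the rules on its own (an admin's PowerShell reaching the network, an installer writing to System32) is routine noise.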
