General

  • Target

    7c898c24c078684f8ac4590ec4fa86a3_JaffaCakes118

  • Size

    154KB

  • Sample

    240528-lv4v6sef5t

  • MD5

    7c898c24c078684f8ac4590ec4fa86a3

  • SHA1

    1b4dc40e3dcaaaab5215a0341cd2e1308c10ca8c

  • SHA256

    c7a47f70ab25e7230fc67c23c8c6c7c1fb1d48fe82566709b60723fb55b7f8b8

  • SHA512

    922054dc0f5918e74319445231c53ed7bd28f7eacfefe46942dd9b2cfc7291f72b82e00580fb3ad04112423cc9e6f96c6023a426c5ecbd3938dddc34cb836b34

  • SSDEEP

    3072:VN8GhDS0o9zTGOZD6EbzCdn+0Bkbj1Q3:VHoUOZDlben+0Kbp

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://www.forma-31.ru/x9w0Q_aJ9eUDi_0

exe.dropper

http://codienlanhnme.vn/wmfuxxu_bf8c_ccJhM

exe.dropper

http://www.viajesdelbosque.com/oJmICLR_SF1qjTc9v

exe.dropper

http://www.kiber-soft.ru/Heq3CDGN_tvvO3Ae1q

exe.dropper

http://www.yogaspaceme.com/QCPdiT_LN2iP6fHd

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
