General

  • Target: 7cbc1462f5637a32c4190e3e77fafcc9_JaffaCakes118
  • Size: 61KB
  • Sample: 240528-m61tbshf45
  • MD5: 7cbc1462f5637a32c4190e3e77fafcc9
  • SHA1: 398c0fa69c41414f947cccfdfa79622a1f84339f
  • SHA256: 8a4e041bb4f82295c9206e68918f7c0e4278a8cdb2b6108e87a1869d6870a615
  • SHA512: c179dae1eb0cc32fdcbcec41e305935205e6ec88f7ba4b528b2874ec4267dcc2def17ae27d562fd524d37a7e7385e9bf523bb1439f3f6711547d94d2586fc52e
  • SSDEEP: 1536:aO+eUd+OApUP2JCZpMfANCGImXMOtOeJpyeewe6OB3:xbADdMYujOtOeJpyee33

Score: 10/10

Malware Config

Extracted

Language: ps1
Source: URLs

Targets

    • Target: sample
    • Size: 152KB
    • MD5: 2e4cf5654fa9412b4db2b6d281a19a13
    • SHA1: 99c9c0828e5bcb035734e3ac21a8da649a5b5f77
    • SHA256: 9f39d3f8edf0e13fb2226e79b569714a44fe33fcb890f0ed2117bd5522757de2
    • SHA512: 8923ff1cab7bc08edd38ee188dc29aae0fb9b37f1d841324b6ed35b2e65cb7add7fd4602fe9240548d19e6e2fdfbb1473e9793ce84f54bc9bd27c9cb2034dcf7
    • SSDEEP: 1536:VCOIDQhDHR4OIDQhDHRdrdi1Ir77zOH98Wj2gpngB+a9q7Qb4HrO4u5Hg:VzrfrzOH98ipgO7I4HrO4u5Hg

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
