General

  • Target

    7cbc035a36c551b5fe9e64b6cfc1bc98_JaffaCakes118

  • Size

    159KB

  • Sample

    240528-m6zahage31

  • MD5

    7cbc035a36c551b5fe9e64b6cfc1bc98

  • SHA1

    8c090f4ca9e968f478a97072cfc57e77a94702e4

  • SHA256

    f70ea918a341bcfde45c7e4d28f4c98daf8db0826b0682f29a94d695991e0016

  • SHA512

    cf4de7c4bb5f62043c3779d497e9a54f5c5a1f27ea35abd543ff296187ded2d31e65a5a4b8cb9646a136976533ff81a7c96708588c7de7901d8c1d2f57b5c412

  • SSDEEP

    1536:kcLzncLzMrdi1Ir77zOH98Wj2gpngx+a9pLln2/5M+:9rfrzOH98ipg1L05M+

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
