General

  • Target

    7cd365e9fc1e63d44953c7854cbc92a9_JaffaCakes118

  • Size

    156KB

  • Sample

    240528-nts4dsae62

  • MD5

    7cd365e9fc1e63d44953c7854cbc92a9

  • SHA1

    0008fee0ace32bee0e173793204ad80b6d1fd839

  • SHA256

    d1e10391df7fab080987c6384491a27d50f470c9b1a602417f322c06a79a5954

  • SHA512

    2fc7e1c274484044431363f45a102f63134e6b9d755102e11d342c7901e0f4cd69cfb961400bd3d1bacda547687e55215b0214ae4392bc362fe15fe2a7c4a500

  • SSDEEP

    1536:IA3Aerdi1Ir77zOH98Wj2gpngB+a9A2eRz/CnQ:prfrzOH98ipgkV6nQ

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Target

      7cd365e9fc1e63d44953c7854cbc92a9_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
