General

  • Target

    7cd63ff32e8b18c9170d799399e087f5_JaffaCakes118

  • Size

    158KB

  • Sample

    240528-nw2hjshg8v

  • MD5

    7cd63ff32e8b18c9170d799399e087f5

  • SHA1

    0ee3d3fbc8ebb21a6ff95140d9ec91e51f5cf2b0

  • SHA256

    8ddd94df2c8a4bc7158c11c1f70df46ba8e7d760b8888125a4f179fee83a0846

  • SHA512

    cbb3ea1b594eb366466ff368d1b7f1703c7fe965e7b64d92b3d7401d86bce1a7fe5485cd590e6c840ac3030b96cf76a38f93a12f5aef223bcf02af7b956fe2e1

  • SSDEEP

    1536:a0a0Grdi1Ir77zOH98Wj2gpngd+a9xg8fx5EvGtaRWfjPYKwA0suw+2lEsSp:WrfrzOH98ipgn+4Esu

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Target

      7cd63ff32e8b18c9170d799399e087f5_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
