General

  • Target

    7cd6f406ad6dde09d3697bd9dbb32cbc_JaffaCakes118

  • Size

    214KB

  • Sample

    240528-nxp6xahh7s

  • MD5

    7cd6f406ad6dde09d3697bd9dbb32cbc

  • SHA1

    23292ee3473a527c1eedb6032efd7ab33a69ff93

  • SHA256

    3f0d53be0681ca0b025e12e57da569607681b4b3f06849aa66b7ca1d4b1f47a0

  • SHA512

    11d59452d0d09787d844597bfd0aaca52678f24fb5ad9f6f85dd354323344436c350696c8c216438fb6da9f15a91b68915a5e286ebc3e3e7a28601da4c2ce516

  • SSDEEP

    1536:2B445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ55+a9GkLShGkVAelnX6:222TWTogk079THcpOu5UZVWhGMlnSL

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks