General

  • Target

    7d2387a3f8ca64bd95094e194aa0c10c_JaffaCakes118

  • Size

    192KB

  • Sample

    240528-qt9r9agf25

  • MD5

    7d2387a3f8ca64bd95094e194aa0c10c

  • SHA1

    346983a8335cf6a6173c792b00f0e5680b9db94f

  • SHA256

    bd489be4b4636b4c0b9c2d7749b084fa534ec31195744d5b02e9d073925dd44d

  • SHA512

    f8cb8070fc1640a798821d94fc2cc51c877a58cbf38f7ff34ea596ba64236dc4593139db6898abb16dfbda0cdda89d7fff8c2206d3395a82c9e9e0b48259077b

  • SSDEEP

    1536:+rdi1Ir77zOH98Wj2gpng9+a9dk1qJDba/qrHEs+nPyNdOx7xe/:+rfrzOH98ipgLva/qTX+nPyLOBY/

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

Targets

    • Target

      7d2387a3f8ca64bd95094e194aa0c10c_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
