General

  • Target

    7d2659bbdc6495785712d8c24a076166_JaffaCakes118

  • Size

    209KB

  • Sample

    240528-qxkmjagg32

  • MD5

    7d2659bbdc6495785712d8c24a076166

  • SHA1

    c0552b06c0830efb80903b4e5ba2f6bf2a1253c5

  • SHA256

    f6809265a7460ab3d0e927c5fb9399a263172140778b4cc34f6698d9521b3b43

  • SHA512

    b580ba553a10adf20fa28a091ffd5337c363114db45d7a8b2bc45d4476e20af35d4f5bd72fb9c8c6afbadf6b9f18cf4e345ab41887dcd2508f5b4065878322b7

  • SSDEEP

    3072:0P22TWTogk079THcpOu5UZhN5kmcB/YNY5g8:E/TX07hHcJQbe02x

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Target

      7d2659bbdc6495785712d8c24a076166_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
