Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    7d3973e50fa19997eea5011ff85bb3ee_JaffaCakes118

  • Size

    156KB

  • Sample

    240528-rcscbagc8y

  • MD5

    7d3973e50fa19997eea5011ff85bb3ee

  • SHA1

    20ecb0f7328ab6f7f0ca5b0e0b5510c690126bc6

  • SHA256

    b745c1e7d1a767819af8d95159f3805cc6d4a07a2dc95644101e334582edbbd2

  • SHA512

    ff32fd853bc9343c6d555db76c0905fad2d3867aec1fa94ef13f4da0b7bdc8c0170bcfbdb0b7b937e1f4de75feae2d3812af974b5ebe5c2e3c3ac4c92e57786d

  • SSDEEP

    1536:Qsthstsrdi1Ir77zOH98Wj2gpngt+a9HGHf3ABlTkBAP3P:3rfrzOH98ipgqPABlTkBAP3P

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://yolticaxcan.com/cgi-bin/T7nT/

exe.dropper

http://vqpr.com/client/dN/

exe.dropper

http://totogourmet.com/shopping/CRiy/

exe.dropper

http://amyescort.de/wp-admin/RVuhzNI/

exe.dropper

https://nypthealing.com/wp-includes/nfR/

exe.dropper

https://www.lvl.com.br/wp-admin/U2nZ6FNU5G/

exe.dropper

http://www.weblinx.com.pk/algarments.com.pk/UMR/

Targets

    • Target

      7d3973e50fa19997eea5011ff85bb3ee_JaffaCakes118

    • Size

      156KB

    • MD5

      7d3973e50fa19997eea5011ff85bb3ee

    • SHA1

      20ecb0f7328ab6f7f0ca5b0e0b5510c690126bc6

    • SHA256

      b745c1e7d1a767819af8d95159f3805cc6d4a07a2dc95644101e334582edbbd2

    • SHA512

      ff32fd853bc9343c6d555db76c0905fad2d3867aec1fa94ef13f4da0b7bdc8c0170bcfbdb0b7b937e1f4de75feae2d3812af974b5ebe5c2e3c3ac4c92e57786d

    • SSDEEP

      1536:Qsthstsrdi1Ir77zOH98Wj2gpngt+a9HGHf3ABlTkBAP3P:3rfrzOH98ipgqPABlTkBAP3P

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks