General

  • Target

    7d3b215f3fa77a0e6bb20612aecbacfa_JaffaCakes118

  • Size

    33KB

  • Sample

    240528-reffjahe76

  • MD5

    7d3b215f3fa77a0e6bb20612aecbacfa

  • SHA1

    771c75a24462f8eca232d23456b297b1dbce1f79

  • SHA256

    f703df08f5e7388f4873137977cf1c96a24293a7bf93b952c586c27b34e4212e

  • SHA512

    cfd4179777cf09a8fb2086634e91b7c2e54ba8c5f4648ea972f980ca7cb9cda0da92986a86f041673bf638badd74741a13b0328286ad82ed601bf5925758a4f1

  • SSDEEP

    768:hA7BCRf70RNmGqfsCwMmHyQG0Ib/ycKCBo8GRj18B:hIih7pmSQlIz2EGRj2

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: http://okjeintmotorsy.com/s.php?id=mariog

    exe.dropper: http://okjeintmotorsy.com/nino/mariog.mdf

Targets

    • Target

      7d3b215f3fa77a0e6bb20612aecbacfa_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

MITRE ATT&CK Enterprise v15
