General

  • Target

    7d44686ad010e6c6a56a9c1762667b7d_JaffaCakes118

  • Size

    596KB

  • Sample

    240528-rmh7dshh36

  • MD5

    7d44686ad010e6c6a56a9c1762667b7d

  • SHA1

    defcebe402ac31697d3c210f8396fc10b7556cf4

  • SHA256

    81e82ca86ebdac978dffeb26fbea7c54ce708b0346f465316234145f23d75372

  • SHA512

    573f7b05cb08e403ef52a3da5bfa6058f342b5f1bea750df3e3e65a8e271bfeb54520d6a7259fe953d3a40591e142bde69360721c77ec4eb2488f3779d22ea9a

  • SSDEEP

    12288:ZLW+FnvexqD0SoENuJUDcrnGMOAiKe6EbMVLD:ZC+Fn2QDpuJUDcCMOAiEEsD

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://mcma1.com/greatness.exe

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

MITRE ATT&CK Enterprise v15