General

  • Target

    7d5016a0f3dbdf66b692f8e5c4375e32_JaffaCakes118

  • Size

    302KB

  • Sample

    240528-ryhd8sac59

  • MD5

    7d5016a0f3dbdf66b692f8e5c4375e32

  • SHA1

    07d9643f70cd51c7d73dbca1683b0a6ea6438b97

  • SHA256

    9675db15d6969d8540660058953cd6888452ca80ebd27ff3950d27c27c93f6f9

  • SHA512

    9c2ab250c7cabf561d4c88f2c60ca3fee2abe173807962c2a11ae0b76554536753b9dadb2a24019b3119a7f11fa219398152e15a6bc7e8c7eb19b4ec8561b993

  • SSDEEP

    6144:sG5/BnVfRFJ7KK9aHScdX9znGUlOV7QthK4lgAM:s2n9R/lA5dX9znGUlPthpgAM

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://51.15.113.220/2sT3beRO4

exe.dropper

http://167.99.85.165/XyBY4Kl

exe.dropper

http://18.205.117.241/wp-content/uploads/P7KgkINX

exe.dropper

http://23.23.29.10/DAINhWrv

exe.dropper

http://18.213.62.169/wp-content/uploads/oEk4aUu

Targets

    • Target

      7d5016a0f3dbdf66b692f8e5c4375e32_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
