General

  • Target

    7d8174653546d52e57ea8c15cea7dfde_JaffaCakes118

  • Size

    148KB

  • Sample

    240528-s6681aaf9y

  • MD5

    7d8174653546d52e57ea8c15cea7dfde

  • SHA1

    3287f474cfcafa07cf0ff753e185a3968df8f896

  • SHA256

    508f9d3e514333ceff94b8f1de4f5d5d639fb952eed6033cd031ef349ce3145f

  • SHA512

    9d8855f4c4f29a4ad49686fea3605a6b93aac1f09a2cb65e52854ad137919d64ee896d0e9b9d204b0aed59053f2b3cb2106b719a57786c37aa1b5a40e8b87bcf

  • SSDEEP

    3072:uYv8GhDS0o9zTGOZD6EbzCdLp4NKR/JZZ:uY1oUOZDlbeLmNKR/JZ

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://antigua.aguilarnoticias.com/8ol4F4p

exe.dropper

http://prosolutionplusdiscount.com/gEEsqX5mU

exe.dropper

http://bunonartcrafts.com/6jUhzQa

exe.dropper

http://regenerationcongo.com/NVRODt7

exe.dropper

http://ghoulash.com/oHusH3kaO

Targets

    • Target

      7d8174653546d52e57ea8c15cea7dfde_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
