General

  • Target

    7f3b775ee8cec83bdfe8e0747ba969b1_JaffaCakes118

  • Size

    163KB

  • Sample

    240529-c3gwyaga59

  • MD5

    7f3b775ee8cec83bdfe8e0747ba969b1

  • SHA1

    2fa3261dab59770006e6dfb8a19bb0a07cbb1e4b

  • SHA256

    f1015f29157f28368210d1dd62f775bb1bab85fa3986d32868d994cd677eae60

  • SHA512

    95805f4e9142beb89f39c388442cfe1fe9834df4eeb7d88d8cc8aa0c6dcb4cef0d04d70fba4b347afd228f4e64df4c18371c841847d00bb8e93764f9efae9915

  • SSDEEP

    1536:VAhXAhordi1Ir77zOH98Wj2gpngN+a9Lay9y0J6f264NUs:mrfrzOH98ipgpPJ6fQUs

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Target

      7f3b775ee8cec83bdfe8e0747ba969b1_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
