Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    7f2b0e5e945932cf80abcb659170103b_JaffaCakes118

  • Size

    157KB

  • Sample

    240529-cgzjvseb61

  • MD5

    7f2b0e5e945932cf80abcb659170103b

  • SHA1

    0055e24084e32b45466295d13cb90ebdc5e6cd3f

  • SHA256

    712e615431a31f1c860bfa02c6f87f1c0e4238d6b1d4a9cbf12aa9f4328b0ba7

  • SHA512

    bb090e424e3371b3d54f099d2b8095c6f62975ea192cd00802cd0e35694fc0ced9834a2b42ca45e6baca41be37b5eea9a4a96bbfe02b2813a646eafabe7d4229

  • SSDEEP

    1536:vToTVrdi1Ir77zOH98Wj2gpngd+a9NTgwQx5EvGtarWfjPYKwAL+wT+5Q:CrfrzOH98ipgPwT+5Q

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://chengmikeji.com/wp-includes/mxbiVC/

exe.dropper

http://18.217.198.135/wp-admin/D/

exe.dropper

https://mixnchic.com/installo/vExTq/

exe.dropper

http://portalpymes.es/http:/yCVBv/

exe.dropper

http://www.gozowindmill.com/meteo/i5PR3e/

exe.dropper

http://transfersuvan.com/wp-admin/bfK/

exe.dropper

http://arquivopop.com.br/index_htm_files/bk/

Targets

    • Target

      7f2b0e5e945932cf80abcb659170103b_JaffaCakes118

    • Size

      157KB

    • MD5

      7f2b0e5e945932cf80abcb659170103b

    • SHA1

      0055e24084e32b45466295d13cb90ebdc5e6cd3f

    • SHA256

      712e615431a31f1c860bfa02c6f87f1c0e4238d6b1d4a9cbf12aa9f4328b0ba7

    • SHA512

      bb090e424e3371b3d54f099d2b8095c6f62975ea192cd00802cd0e35694fc0ced9834a2b42ca45e6baca41be37b5eea9a4a96bbfe02b2813a646eafabe7d4229

    • SSDEEP

      1536:vToTVrdi1Ir77zOH98Wj2gpngd+a9NTgwQx5EvGtarWfjPYKwAL+wT+5Q:CrfrzOH98ipgPwT+5Q

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks