
General

  • Target: 7f4bc0549c7d148ec198903fdd9fbb1f_JaffaCakes118
  • Size: 153KB
  • Sample: 240529-djx99agg87
  • MD5: 7f4bc0549c7d148ec198903fdd9fbb1f
  • SHA1: e9a44b4aa3da20d9345fe860bde5e137b10b1820
  • SHA256: 7e7d1803366d468d089ff0c15817cc44e03d3cc5109473086a613b68cf5cde80
  • SHA512: 53994bdc4ab23e49526648a6b3f709e0716ccc4c673e3e75f21e1a1060ae19a07af5fe32d28fce5309e39d6b7183b3a97fe2ccdcff90c936ea8f351851a94852
  • SSDEEP: 1536:VCOIDQhDHR4OIDQhDHRdrdi1Ir77zOH98Wj2gpngB+a9j7Qb4HrO4uiHA:VzrfrzOH98ipg37I4HrO4uiHA

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Source: URLs (each tagged exe.dropper)
      • http://cnnmediaservices.com/wp-admin/czBMOhz/
      • http://ak3.net/t0XJ/
      • http://ovday.com/1umq/S5IWl04/
      • http://gch7.com/wp-includes/Nkwp/
      • http://chengmikeji.com/wp-includes/9QQ/
      • http://blog.anseeing.com/sys-cache/h/
      • http://1sync-wp.x.opencrm.eu/wp-content/Bu/

Targets

    • Target: 7f4bc0549c7d148ec198903fdd9fbb1f_JaffaCakes118

    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks