General

  • Target

    7f6d7b56a4d3eb019500684c5fc46e6c_JaffaCakes118

  • Size

    153KB

  • Sample

    240529-ej4byahf8v

  • MD5

    7f6d7b56a4d3eb019500684c5fc46e6c

  • SHA1

    069b0f68cdaa3df73e8199c5523e860efb144540

  • SHA256

    31aeb8e51051e3d4f523140e952cfdcbd12fa1f65bbb85e1b0050a67d61320b4

  • SHA512

    c08498503aa51604a3de8106f4d5128f8526e66d08fb7c4ae6c679aaea3eadf82e3cca2e5eba0a55afc9bf3e47a43f3132323f6c7f51fe6746f5226b84c08050

  • SSDEEP

    1536:VCOIDQhDHR4OIDQhDHRdrdi1Ir77zOH98Wj2gpngB+a9B7Qb4HrO4u/Hg:VzrfrzOH98ipgd7I4HrO4u/Hg

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    http://cnnmediaservices.com/wp-admin/czBMOhz/
    http://ak3.net/t0XJ/
    http://ovday.com/1umq/S5IWl04/
    http://gch7.com/wp-includes/Nkwp/
    http://chengmikeji.com/wp-includes/9QQ/
    http://blog.anseeing.com/sys-cache/h/
    http://1sync-wp.x.opencrm.eu/wp-content/Bu/

Targets

    • Target

      7f6d7b56a4d3eb019500684c5fc46e6c_JaffaCakes118

    • Size

      153KB

    • MD5

      7f6d7b56a4d3eb019500684c5fc46e6c

    • SHA1

      069b0f68cdaa3df73e8199c5523e860efb144540

    • SHA256

      31aeb8e51051e3d4f523140e952cfdcbd12fa1f65bbb85e1b0050a67d61320b4

    • SHA512

      c08498503aa51604a3de8106f4d5128f8526e66d08fb7c4ae6c679aaea3eadf82e3cca2e5eba0a55afc9bf3e47a43f3132323f6c7f51fe6746f5226b84c08050

    • SSDEEP

      1536:VCOIDQhDHR4OIDQhDHRdrdi1Ir77zOH98Wj2gpngB+a9B7Qb4HrO4u/Hg:VzrfrzOH98ipgd7I4HrO4u/Hg

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks