
General

  • Target

    8276b8d012af8de62e9fb51a491c92d1_JaffaCakes118

  • Size

    154KB

  • Sample

    240530-ag9nqagb84

  • MD5

    8276b8d012af8de62e9fb51a491c92d1

  • SHA1

    478ebc666f5cdbbd5020c8dc46ea06c32cf24b6b

  • SHA256

    b75def84d6907e45b5d49294b334f5691628413ba5ddb2c9e22e6d3e56992f63

  • SHA512

    069e0fb89f9a98b0afc5ec43eb896e8248a0a040d82f20661c15f703f6111ff3a8eb85326a3e91f1373c694928068a8a57180fce73b19b0833ba6142930f888c

  • SSDEEP

    1536:CJ0ZsWTJ0ZsWirdi1Ir77zOH98Wj2gpngR+a9xQ54LW06u:5rfrzOH98ipgt+qD6u

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Target

      8276b8d012af8de62e9fb51a491c92d1_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
