General

  • Target

    844fb7bc81bfc7002245a6a66ae8a47e_JaffaCakes118

  • Size

    163KB

  • Sample

    240530-qqegyaab4v

  • MD5

    844fb7bc81bfc7002245a6a66ae8a47e

  • SHA1

    97e84d126cf307685a299ba7bac241d678a60406

  • SHA256

    999123e765753a8a7e01000077c615e01d9148be201c80c191843233e50ff54e

  • SHA512

    7b4ae0126630c78113d03b8a19a7f35232cf5a2f317b4d958b074978d43551f89b2dad6246cc272c61bbe3b4229e9c96e9788d1ee0686df0d5528e5ad43b0575

  • SSDEEP

    1536:T5a/aNrdi1Ir77zOH98Wj2gpngR+a9a5ZVDEuEfBzoI9GQ:T/rfrzOH98ipguO5JzoYGQ

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Target

      844fb7bc81bfc7002245a6a66ae8a47e_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
