General

  • Target

    8d1c3a8567d4783dd0eeda20eab00b5b_JaffaCakes118

  • Size

    69KB

  • Sample

    240602-grwyyadg25

  • MD5

    8d1c3a8567d4783dd0eeda20eab00b5b

  • SHA1

    9c993205778a28a8e71a0315c7c32ac46a36a405

  • SHA256

    158bd5360e8a314ea7eb641808de86cde3e55bae9829d5c8f2a7e7e44b791b81

  • SHA512

    05421d307d863a950715ea10ae40662d06d6d968b1c2f19c0a31a8d019f8e72a5c47e20750fbf53cf27c767febcc2df9bda024dc08fa146ddaaf9bb66eb5717a

  • SSDEEP

    768:QpJcaUitGAlmrJpmxlzC+w99NB7+1oALIH5E+4Iwsp/6Z1DpXC:QptJlmrJpmxlRw99NB7+aA9+3wspyzV

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://bioners.com/X8nV8i

exe.dropper

http://otiaki.com/33EKwRe

exe.dropper

http://bc-cdc.org/x

exe.dropper

http://marienthal.info/gIAl3AM

exe.dropper

http://jingtianyanglao.com/iaM5oV8

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
