General

  • Target

    904e1365136041b958a2f407bcf6731b_JaffaCakes118

  • Size

    179KB

  • Sample

    240603-dbnqvagf5t

  • MD5

    904e1365136041b958a2f407bcf6731b

  • SHA1

    5131b48088dd3d75da858e8810c5888673955b5e

  • SHA256

    7c81019f932c35ff188d4260fe0b23ba6cb27363922cbb8265a8f3121e26c32f

  • SHA512

    3220099489dbafcd74f26148137cb568fd1c5e666887a06ce54bb842033d5c2a7da2cd62f894850547ccf488dff504c8ce846a3827a762e7c3b0c1dfb4b63a72

  • SSDEEP

    1536:uasrbYasrb2rdi1Ir77zOH98Wj2gpng9+a9mSGIRK9b/WYjd2LO6h/QC27TOvY:crfrzOH98ipg+SGYK9TngLOm27TOvY

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Target

      904e1365136041b958a2f407bcf6731b_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
