General

  • Target: 949cfeccd390a826df383a535889c10f_JaffaCakes118
  • Size: 170KB
  • Sample: 240604-m9pv8seb8y
  • MD5: 949cfeccd390a826df383a535889c10f
  • SHA1: ad3a6780a0fce6eceb9581ba329e839a52c66908
  • SHA256: dab27520c5577f059d11bd78d22f8d5cf492cdc0150781ba9b28b5fbacc5c185
  • SHA512: da3e7b655a6b9d59d5c93982d3ce180ca765d1ae9f41fafbb7031b207d51cace0ba13a0bc68e56eb77fe9ff56e07bdea58a00269b3ce6e6d057bf6bd1014c2d5
  • SSDEEP: 1536:sB445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ5Z+a9dWvrCv3Pt6DwV:s22TWTogk079THcpOu5UZCvw3Pt6DwV

Score: 10/10

Malware Config

Extracted

Language: ps1
Source: URLs

  • exe.dropper: http://ckinterbiz.com/backup/waI0rNy/
  • exe.dropper: http://creationskateboards.com/shred/xnYp2/
  • exe.dropper: http://bnmintl.com/cgi-bin/hQuB2/
  • exe.dropper: http://buildingrobots.net/cgi-bin/LKgv/
  • exe.dropper: http://booksearch.com/index_files/U/
  • exe.dropper: http://davehale.ca/cgi-bin/v4kax/
  • exe.dropper: https://www.equiposjj.com/cgi-bin/h0MId/

Targets

    • Target: 949cfeccd390a826df383a535889c10f_JaffaCakes118

    Score: 10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
