General

  • Target

    9ca84c781d6722c02a250ce9258cb650_JaffaCakes118

  • Size

    189KB

  • Sample

    240611-cezf3s1ajq

  • MD5

    9ca84c781d6722c02a250ce9258cb650

  • SHA1

    48c5c893a427b99e4b352e4668aa589829ed905c

  • SHA256

    6351168d14cfa0372803482062882590c98d717dc4f4eb2541fe3a154e8dc40f

  • SHA512

    7a08ba4709b95f5614d2b431327f2b1bf31fdf2f2f3f22f5926ea15657586483b880ca4cddfff039c492d76fd994b3322c989e1eda92f15ba056ae42c4f04817

  • SSDEEP

    3072:uvHv22TWTogk079THcpOu5UZNNu81zUz4LKvJ:E/TX07hHcJQXuezUEL4J

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
