
General

  • Target: 9df3dfb3086ef49424497bc720f197cf_JaffaCakes118
  • Size: 152KB
  • Sample: 240611-m3zrvsvane
  • MD5: 9df3dfb3086ef49424497bc720f197cf
  • SHA1: 4052642c9a465f9af8c775290b228c115a241fc0
  • SHA256: 0d03a769eb60d885882b834ddd84cc95d6194f91253998018f25169605161758
  • SHA512: d4fa10ddcefa5fce6130cfe45bb32c671dbd3b7a01db2a6ffe0e5fc6051d78f0495bbf4ebe8a91083e58e45a4fe8ce0c432e024cbd3865c48ebb4ae54c77cb83
  • SSDEEP: 1536:VCOIDQhDHR4OIDQhDHRdrdi1Ir77zOH98Wj2gpngB+a9w7Qb4HrO4u9HA:VzrfrzOH98ipgM7I4HrO4u9HA

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Source: URLs
  • exe.dropper URLs:

    http://cnnmediaservices.com/wp-admin/czBMOhz/
    http://ak3.net/t0XJ/
    http://ovday.com/1umq/S5IWl04/
    http://gch7.com/wp-includes/Nkwp/
    http://chengmikeji.com/wp-includes/9QQ/
    http://blog.anseeing.com/sys-cache/h/
    http://1sync-wp.x.opencrm.eu/wp-content/Bu/

Targets

    • Target: 9df3dfb3086ef49424497bc720f197cf_JaffaCakes118 (152KB; hashes as listed under General)

    Score: 10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
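The three signatures above describe behaviours, not the exact processes involved, so the following is an added example (not tria.ge code and not code from the sample) showing how a detection engineer would replay such behaviours against endpoint telemetry. It consumes constructed Sysmon-style process, network and file events and flags an Office parent spawning a script host, a blocklisted process making a network request, and a write into System32. The only data taken from this report is the list of exe.dropper URLs from the extracted config; the process allow/block lists, the event records and the dropped file name are assumptions made for illustration.

```python
"""Detection replay for the behaviours flagged in this report.

Added example, not code from tria.ge or from the sample. Only DROPPER_URLS
comes from the report's extracted config; the policy lists and every event
below are constructed for illustration.
"""
from urllib.parse import urlparse

# exe.dropper URLs from the report's extracted PowerShell config.
DROPPER_URLS = [
    "http://cnnmediaservices.com/wp-admin/czBMOhz/",
    "http://ak3.net/t0XJ/",
    "http://ovday.com/1umq/S5IWl04/",
    "http://gch7.com/wp-includes/Nkwp/",
    "http://chengmikeji.com/wp-includes/9QQ/",
    "http://blog.anseeing.com/sys-cache/h/",
    "http://1sync-wp.x.opencrm.eu/wp-content/Bu/",
]
DROPPER_HOSTS = {urlparse(u).hostname.lower() for u in DROPPER_URLS}

# Assumed policy lists (not from the report): Office parents that should
# never launch a script host, the script hosts themselves, processes whose
# outbound traffic is treated as blocklisted, and installers allowed to
# write into System32.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
BLOCKLISTED_NET = {"powershell.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe"}
INSTALLERS = {"msiexec.exe", "tiworker.exe", "trustedinstaller.exe"}
SYSTEM32 = "c:\\windows\\system32\\"


def basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_process_create(ev):
    """Signature 1: an Office parent spawning a script host."""
    parent, child = basename(ev["parent_image"]), basename(ev["image"])
    if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
        return f"unexpected child process: {parent} -> {child}"
    return None


def check_network_connect(ev):
    """Signature 2: blocklisted process talking out; a hit on one of the
    extracted dropper hosts is reported with higher specificity."""
    proc, host = basename(ev["image"]), ev.get("dest_host", "").lower()
    if host in DROPPER_HOSTS:
        return f"connection to extracted dropper host: {proc} -> {host}"
    if proc in BLOCKLISTED_NET:
        return f"blocklisted process makes network request: {proc} -> {host}"
    return None


def check_file_create(ev):
    """Signature 3: a write into System32 by anything but a known installer."""
    proc, target = basename(ev["image"]), ev["target"].lower()
    if target.startswith(SYSTEM32) and proc not in INSTALLERS:
        return f"drop in System32: {proc} wrote {ev['target']}"
    return None


CHECKS = {
    "ProcessCreate": check_process_create,
    "NetworkConnect": check_network_connect,
    "FileCreate": check_file_create,
}


def scan(events):
    """Return one finding string per event that trips a check, in order."""
    hits = []
    for ev in events:
        check = CHECKS.get(ev["type"])
        finding = check(ev) if check else None
        if finding:
            hits.append(finding)
    return hits


# Constructed events: the first of each pair is benign, the second matches
# one of the behaviours in the report's signature list.
SAMPLE_EVENTS = [
    {"type": "ProcessCreate", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"type": "ProcessCreate", "parent_image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"type": "NetworkConnect", "image": r"C:\Program Files\Google\Chrome\chrome.exe",
     "dest_host": "example.com"},
    {"type": "NetworkConnect", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "dest_host": "ak3.net"},
    {"type": "FileCreate", "image": r"C:\Windows\WinSxS\TiWorker.exe",
     "target": r"C:\Windows\System32\drivers\etc\hosts"},
    {"type": "FileCreate", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "target": r"C:\Windows\System32\dropped.exe"},  # constructed file name, not from the report
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

Run stand-alone, the script prints three findings, one per signature, and stays silent on the three benign events. The dropper-host match is deliberately checked before the blocklisted-process rule so that a connection to a host from the extracted config is reported as such even when the requesting process is not on the blocklist.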
