General

  • Target

    9eb53a1184d32b28b60e70f8a1ae014c_JaffaCakes118

  • Size

    189KB

  • Sample

    240611-s98w1asdkh

  • MD5

    9eb53a1184d32b28b60e70f8a1ae014c

  • SHA1

    b5dee667db6ef767f80dbd29e34f94f32d80a618

  • SHA256

    3363296e9722855be2f507d21bb80db729d4452c72d517969689ed5592447652

  • SHA512

    20fa48218d461bcaefa5cdcaf19129a7f58244d3e4fe6083ffb84cf2de7ed23f5383d86f0fad0ca6a8e1a06507e6d2685c4d04011183104691a39752c2877c70

  • SSDEEP

    1536:5GGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xilWfm9ITmDST/Ephs7p8cEpY/d8O:M8rfrzOH98ipgBLT3R

Score
10/10

Malware Config

Extracted

Language: ps1

Source URLs (exe.dropper):

    http://amettatravel.com/wp-admin/1/
    http://iqauthority.com/wp-admin/9Id/
    http://www.sifesro.com/wp-includes/o/
    http://oneinsix.com/test/0/
    https://dramacool9.live/scbvq1/sPT/
    http://blog.geekpai.top/rmebw/x/
    https://datxanhmienbac.info/lfb8ii/LmG/

Targets

    • Target

      9eb53a1184d32b28b60e70f8a1ae014c_JaffaCakes118

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15