General

  • Target

    9f0072ce02154d79381fe3c99d7774d5_JaffaCakes118

  • Size

    217KB

  • Sample

    240611-v6ceqsvgkp

  • MD5

    9f0072ce02154d79381fe3c99d7774d5

  • SHA1

    dde7281ab3843f816a93e8595107c383fab57b1c

  • SHA256

    75f1d2e9cd7d7f7f877e0758fec979992b23073f7c56ff8b3fbe8fc5c89d0adb

  • SHA512

    1924025ca7a59a7097d24cfd77920596516c9ab46bcfff5da377450d722fad3fecb77f9dee19e3a9e227676c0243645bdb58b7bce6d6edf6f12fc5d47f0bd8e1

  • SSDEEP

    1536:KB445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ5J+a9YRQ3n7fxdSoNRf:K22TWTogk079THcpOu5UZ93zBR5gkfx

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Target

      9f0072ce02154d79381fe3c99d7774d5_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
