General

  • Target

    9f81a86983ccf0dce7d16120dea442bc_JaffaCakes118

  • Size

    220KB

  • Sample

    240611-zv75gs1frj

  • MD5

    9f81a86983ccf0dce7d16120dea442bc

  • SHA1

    72c75278d18f1a6f529df337dc3e04a02a020352

  • SHA256

    5ea7adc9ca4c1270e03f8b693fa75922364406dabbd417dd7d3583fdd1becd9f

  • SHA512

    cca99b24aa3ea69d170bfd18279845b560b6b8ed68970c7643bb6a3a97fd91bd9cdfa3832b76bf68e2baa0c7730ae21580a80989b4ca4ba94a45be156747538f

  • SSDEEP

    3072:b4tcTvjvTY140818tIP4ovpRSGju9jDW1M+7mp3i:EtcnvE140o8tIP4apSjDjmUi

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper

    http://hottco.com/stats/erd/
    http://dutarini.com/cgi-bin/6/
    https://brownshotelgroup.com/www.brownshotelgroup.com.pt/i9/
    http://pastaciyiz.biz/wp-includes/fvx/
    https://dogaltrm.com/components/r6h/
    https://dortislem.net/administrator/c/
    https://onyourleftracing.com/cgi-bin/QcC/

Targets

    • Target

      9f81a86983ccf0dce7d16120dea442bc_JaffaCakes118

    • Size

      220KB

    • MD5

      9f81a86983ccf0dce7d16120dea442bc

    • SHA1

      72c75278d18f1a6f529df337dc3e04a02a020352

    • SHA256

      5ea7adc9ca4c1270e03f8b693fa75922364406dabbd417dd7d3583fdd1becd9f

    • SHA512

      cca99b24aa3ea69d170bfd18279845b560b6b8ed68970c7643bb6a3a97fd91bd9cdfa3832b76bf68e2baa0c7730ae21580a80989b4ca4ba94a45be156747538f

    • SSDEEP

      3072:b4tcTvjvTY140818tIP4ovpRSGju9jDW1M+7mp3i:EtcnvE140o8tIP4apSjDjmUi

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
