General

  • Target

    abbc6b68bd44d71ab99aa0ae8c028ef5_JaffaCakes118

  • Size

    159KB

  • Sample

    240614-198v1ascll

  • MD5

    abbc6b68bd44d71ab99aa0ae8c028ef5

  • SHA1

    7993336c1ab25eacaa1b689f0fc8233281ec9077

  • SHA256

    53a69d30f1a076c6330a4738e22990f94090def9eb771e314d79c3c1a9234ca2

  • SHA512

    82a90be29c9d5900ec5baef31bf4ba1ddd25c98520842db674ef547e06e8f587ef76fe5d76c9a6db1662a9a047e134d9fed8dd0afaa1e308af7be793f80b56bf

  • SSDEEP

    1536:ERWfcRWfsrdi1Ir77zOH98Wj2gpngd+a9H6Fgx+re7:ErfrzOH98ipgf6FO+a7

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Target

      abbc6b68bd44d71ab99aa0ae8c028ef5_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
