General

  • Target

    ad03848914f32c13d42c4ec04ad0055f_JaffaCakes118

  • Size

    210KB

  • Sample

    240615-f8perazejh

  • MD5

    ad03848914f32c13d42c4ec04ad0055f

  • SHA1

    27ea1fd75618638deef4f376ae5f02eb5d15252d

  • SHA256

    d16af644e142dc68661bf08ed7323e85be44834275442de9cc50dd9428251ee0

  • SHA512

    e86dd09b80c92854a93d75ee55976764ccd91176c27f589135c2121b847af8b2b753371edf7b0ebfa2a29088cb32b8eda4d3c30da7895bdbf1f60056c9f51081

  • SSDEEP

    3072:jDX920f/bSvGff0dvqr+/iNKDzaJFUKc0UTE7yZRUV7RJeOzi8E:d2KS+RSaEDzYUTE7yZRVUi8E

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://easyaccesshs.com/WYPsCYUe_89F0oV

exe.dropper

http://dowseservices.com/Cna7kt_HtIAD2LqT_rXDH9b

exe.dropper

http://www.immo-en-israel.com/mP7mhva_1xVx_6tOstw7

exe.dropper

http://www.giancarlopuppo.com/tmp/3JBXN3_NmitWLk37_trb2wuQ

exe.dropper

http://kcpaving.co.za/vTzd_4jLXhB6AV

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
