Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    aed66aad3586a27f08fbc479fdeccc94_JaffaCakes118

  • Size

    218KB

  • Sample

    240615-rqb79atdka

  • MD5

    aed66aad3586a27f08fbc479fdeccc94

  • SHA1

    1aa8cd8065bcee35a75453d6afaabff6768466cf

  • SHA256

    bc4b778fbb93e353944a23ec652f31f6f0dd58e0354b512c2ef4712fb5f3bd4b

  • SHA512

    491427d2a61e8ee9e1be23b980bfc1202a03de8145ff90116039f9c160900963a38591fa26db7ff493b9b0a0299083a6dab5576c8ff1ff8bde69b30c93380f5c

  • SSDEEP

    3072:vYy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////8:x0uXnWFchmmcI/o1/X+pDw3n

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://somosdrucken.com/upload/GGQL96W/

exe.dropper

http://www.vedigitize.com/wp-includes/l9K6YJ/

exe.dropper

http://www.sosyalben.org/hpKTnb/

exe.dropper

http://www.sutomoresmestaj.net/menu/E/

exe.dropper

http://www.traveltoharamain.com/cgi-bin/b/

exe.dropper

http://www.thinkdesign4u.com/css/Rtc1/

exe.dropper

https://www.mwk-bionik.de/fileadmin/vOJ/

Targets

    • Target

      aed66aad3586a27f08fbc479fdeccc94_JaffaCakes118

    • Size

      218KB

    • MD5

      aed66aad3586a27f08fbc479fdeccc94

    • SHA1

      1aa8cd8065bcee35a75453d6afaabff6768466cf

    • SHA256

      bc4b778fbb93e353944a23ec652f31f6f0dd58e0354b512c2ef4712fb5f3bd4b

    • SHA512

      491427d2a61e8ee9e1be23b980bfc1202a03de8145ff90116039f9c160900963a38591fa26db7ff493b9b0a0299083a6dab5576c8ff1ff8bde69b30c93380f5c

    • SSDEEP

      3072:vYy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////8:x0uXnWFchmmcI/o1/X+pDw3n

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks