Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    b889ed362328cfcc37ce3617fe810de6_JaffaCakes118

  • Size

    176KB

  • Sample

    240617-pa6qtatgqq

  • MD5

    b889ed362328cfcc37ce3617fe810de6

  • SHA1

    d1dad1b1c27050855125002d1161648e678d0cc2

  • SHA256

    19e0b1b6a4402f911b01e412a83bd746db4735d6228d63c6619447bc2335dc6e

  • SHA512

    2a2ea2e0e95ddf79c9d9371f68bbcb140ce08e7af898dc1c5698c82c536ceef1989e42b20657eca26218eba6b431f21736c03ecc60ed15606b0d2f8fe54c5563

  • SSDEEP

    1536:CC+rdi1Ir77zOH98Wj2gpngx+a98H4oaJrtrYYnalL2VCf3okHU:GrfrzOH98ipggHEJrtrDnalL2Vw35U

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://reseller-demo-website.com/discussion/qWWf8FS/

exe.dropper

https://www.mockdumps.com/test/Z2pJ/

exe.dropper

https://twisterprint.com/chrometheme/Vcr/

exe.dropper

http://simulations.org/rw_common/KfX2MW/

exe.dropper

http://planosdesaudesemcarencia.com/erros/JHoq/

exe.dropper

https://viaje-achina.com/wp-admin/A1O8tL/

exe.dropper

https://cearacultural.com.br/turismo/oy/

Targets

    • Target

      b889ed362328cfcc37ce3617fe810de6_JaffaCakes118

    • Size

      176KB

    • MD5

      b889ed362328cfcc37ce3617fe810de6

    • SHA1

      d1dad1b1c27050855125002d1161648e678d0cc2

    • SHA256

      19e0b1b6a4402f911b01e412a83bd746db4735d6228d63c6619447bc2335dc6e

    • SHA512

      2a2ea2e0e95ddf79c9d9371f68bbcb140ce08e7af898dc1c5698c82c536ceef1989e42b20657eca26218eba6b431f21736c03ecc60ed15606b0d2f8fe54c5563

    • SSDEEP

      1536:CC+rdi1Ir77zOH98Wj2gpngx+a98H4oaJrtrYYnalL2VCf3okHU:GrfrzOH98ipggHEJrtrDnalL2Vw35U

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks