General

  • Target

    8d6af41ee21d0d24be9a8c0443464f3f_JaffaCakes118

  • Size

    129KB

  • Sample

    240812-fn3fwa1bqc

  • MD5

    8d6af41ee21d0d24be9a8c0443464f3f

  • SHA1

    2ac4cb1b47a63c03afe242137c03bc460810f726

  • SHA256

    5c00430991a28daff019acc9d8c4abdabf88b60aaf49d31d34bf6836dea48caf

  • SHA512

    40083a31339e757c919ed337ce84e403b2b778c4926c2784907618724bcff568fdc3da83cad510b2c0fb61bd54d948784fab38542682cc0807d38adb989285bb

  • SSDEEP

    3072:Sk3hOdsylKlgxopeiBNhZFGzE+cL2kdAxc6YehWfGdtUHKGDbpmsii/+u6ssC06+:Sk3hOdsylKlgxopeiBNhZF+E+W2kdAxX

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://190.14.37.165/45516.2097292824.dat
    http://5.196.247.11/45516.2097292824.dat
    http://188.119.113.3/45516.2097292824.dat

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://190.14.37.165/45516.2097611111.dat
    http://5.196.247.11/45516.2097611111.dat
    http://188.119.113.3/45516.2097611111.dat
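The extracted config above is only useful once it is turned into indicators a blocklist or a proxy-log hunt can consume. The following is an added example, not tria.ge output or code: it parses the config in the flat layout the report renders it in, deduplicates hosts, paths and URLs, defangs them, and classifies constructed proxy-log lines in three tiers. The tier names, the helper names, the sample log lines and the `/<5 digits>.<10 digits>.dat` hunting pattern (generalised from the six observed paths) are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Constructed input: the two "Extracted" blocks of the report, kept in the same
# flat "header, value, source, URL" layout tria.ge renders them in.
EXTRACTED_CONFIG = """\
Language
xlm4.0
Source
URLs
xlm40.dropper
http://190.14.37.165/45516.2097292824.dat
xlm40.dropper
http://5.196.247.11/45516.2097292824.dat
xlm40.dropper
http://188.119.113.3/45516.2097292824.dat
Language
xlm4.0
Source
URLs
xlm40.dropper
http://190.14.37.165/45516.2097611111.dat
xlm40.dropper
http://5.196.247.11/45516.2097611111.dat
xlm40.dropper
http://188.119.113.3/45516.2097611111.dat
"""

HEADERS = {"Language", "Source", "URLs"}
URL_RE = re.compile(r"^https?://\S+$")
# Assumption: all six observed paths look like /<5 digits>.<10 digits>.dat, so
# that shape is used as a hunting pattern for the same dropper on other hosts.
PAYLOAD_PATH_RE = re.compile(r"^/\d{5}\.\d{10}\.dat$")


def parse_config(text):
    """Return one record per URL, carrying the language and source it sits under."""
    records, language, source, expect = [], None, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line in HEADERS:
            expect = line  # the next value line belongs to this column
        elif URL_RE.match(line):
            records.append({"language": language, "source": source, "url": line})
        elif expect == "Language":
            language, expect = line, None
        else:
            source = line  # e.g. "xlm40.dropper", repeated before every URL
    return records


def build_iocs(records):
    """Deduplicate into the three indicator types a blocklist or hunt needs."""
    parts = [urlsplit(r["url"]) for r in records]
    return {
        "hosts": sorted({p.hostname for p in parts}),
        "paths": sorted({p.path for p in parts}),
        "urls": sorted({r["url"] for r in records}),
    }


def defang(url):
    """Defang the host only, so the path stays searchable as-is."""
    p = urlsplit(url)
    return f"{p.scheme.replace('http', 'hxxp')}://{p.hostname.replace('.', '[.]')}{p.path}"


def classify(url, iocs):
    """Strongest matching tier, or None. A known host counts even with a new
    filename: the two extractions already show the same three hosts serving
    two different payload names."""
    p = urlsplit(url)
    if url in iocs["urls"]:
        return "exact-url"
    if p.hostname in iocs["hosts"]:
        return "known-host"
    if PAYLOAD_PATH_RE.match(p.path):
        return "path-pattern"
    return None


# Constructed proxy log lines (not from the report): a direct hit, a known host
# with a new filename, benign traffic, and an unknown host with the payload shape.
SAMPLE_PROXY_LOG = [
    "10.0.0.21 GET http://190.14.37.165/45516.2097292824.dat 200",
    "10.0.0.21 GET http://5.196.247.11/45516.2097777777.dat 404",
    "10.0.0.34 GET http://example.org/index.html 200",
    "10.0.0.40 GET http://203.0.113.9/12345.1234567890.dat 200",
]


def hunt(log_lines, iocs):
    """Return (tier, defanged url) for every log line that matches an IOC tier."""
    hits = []
    for line in log_lines:
        url = next((f for f in line.split() if URL_RE.match(f)), None)
        tier = classify(url, iocs) if url else None
        if tier:
            hits.append((tier, defang(url)))
    return hits


if __name__ == "__main__":
    iocs = build_iocs(parse_config(EXTRACTED_CONFIG))
    for tier, url in hunt(SAMPLE_PROXY_LOG, iocs):
        print(f"{tier:12} {url}")
```

Blocking the six exact URLs is the weakest option here; the host tier catches a new filename on a known server, and the path-pattern tier is the one to tune against false positives before it goes into an alerting rule.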

Targets

    • Target

      8d6af41ee21d0d24be9a8c0443464f3f_JaffaCakes118 (129KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
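The signature above is a process-ancestry check, but the report as rendered here does not show which child was spawned. As an added example, not tria.ge's own signature logic, the block below implements the general form of that check over constructed Sysmon-style process-creation events: any process with an Office host anywhere in its ancestry whose image is not on an allowlist is flagged, so an intermediate cmd.exe does not hide the final child. The Office image set, the allowlist, and every event (GUIDs, paths, command lines) are assumptions; an xlm4.0 (Excel 4.0 macro) dropper implies Excel as the parent, which is why excel.exe appears in the sample.

```python
import os

# Office hosts whose children are worth scrutinising (assumed list).
OFFICE_IMAGES = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
# Assumption: children an Office process legitimately spawns; trim per environment.
ALLOWED_CHILDREN = {"splwow64.exe", "werfault.exe", "dw20.exe"}


def basename(image):
    """Lower-cased file name of a Windows image path, usable on any host OS."""
    return os.path.basename(image.replace("\\", "/")).lower()


def ancestry(event, by_guid, limit=16):
    """Parent-first list of ancestor image names, following ParentProcessGuid.
    Stops at an unknown parent, a cycle, or `limit` hops."""
    chain, seen, guid = [], set(), event.get("ParentProcessGuid")
    while guid in by_guid and guid not in seen and len(chain) < limit:
        seen.add(guid)
        parent = by_guid[guid]
        chain.append(basename(parent["Image"]))
        guid = parent.get("ParentProcessGuid")
    return chain


def unexpected_children(events):
    """Flag every process whose ancestry includes an Office host and whose own
    image is not allowlisted. Walking the whole chain catches
    excel.exe -> cmd.exe -> rundll32.exe as well as the direct child."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    findings = []
    for e in events:
        image = basename(e["Image"])
        if image in OFFICE_IMAGES or image in ALLOWED_CHILDREN:
            continue
        chain = ancestry(e, by_guid)
        if any(a in OFFICE_IMAGES for a in chain):
            findings.append({"image": image, "chain": chain,
                             "command_line": e.get("CommandLine", "")})
    return findings


# Constructed Sysmon-style events (field names as in Event ID 1). GUIDs, paths
# and command lines are made up for this example and not taken from the report.
SAMPLE_EVENTS = [
    {"ProcessGuid": "A", "ParentProcessGuid": "ROOT",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "CommandLine": "EXCEL.EXE"},
    {"ProcessGuid": "B", "ParentProcessGuid": "A",
     "Image": r"C:\Windows\splwow64.exe", "CommandLine": "splwow64.exe 12288"},
    {"ProcessGuid": "C", "ParentProcessGuid": "A",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c"},
    {"ProcessGuid": "D", "ParentProcessGuid": "C",
     "Image": r"C:\Windows\System32\rundll32.exe", "CommandLine": "rundll32.exe"},
    {"ProcessGuid": "E", "ParentProcessGuid": "ROOT",
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": "chrome.exe"},
]


if __name__ == "__main__":
    for f in unexpected_children(SAMPLE_EVENTS):
        print(f"{f['image']:14} <- {' <- '.join(f['chain'])}   {f['command_line']}")
```

The allowlist is the part that needs local tuning: too wide and a loader hidden behind a printing or crash-reporting helper slips through, too narrow and every add-in update pages an analyst.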

MITRE ATT&CK Enterprise v15

Tasks