
General

  • Target: a4a09a30b1a8ed03d56a45dc17e3ed95_JaffaCakes118
  • Size: 174KB
  • Sample: 240818-aecwzaxcpn
  • MD5: a4a09a30b1a8ed03d56a45dc17e3ed95
  • SHA1: 41c2ee288189424ee7d5ef6cee7e0d26cdd2229b
  • SHA256: 355499f144efa41f21d80a9c65951bc118d0198a598fbe5c252c1fe5e64cde9a
  • SHA512: 023abdc077c57051180f9ef76462ef12c9e5c8d7737955e175b0507ee6d695a1e53cfc599c8d92427332ca757402f34ab910c54d05adfbb8d96a1c8d24e65f10
  • SSDEEP: 3072:UUqJ1NgsA8k/gvh0NZ0lGX1nZ7hH7Q8eK0:UBtgVIveNZvn788x0

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Source: URLs

Targets

    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Drops file in System32 directory
