General

  • Target

    a6e6523c4e19fc481c9c97e782a72cfa_JaffaCakes118

  • Size

    78KB

  • Sample

    240818-q496rsygrl

  • MD5

    a6e6523c4e19fc481c9c97e782a72cfa

  • SHA1

    ee2d41aaa87bd4685c957d6bf09c2a32e4e6b5aa

  • SHA256

    5015274753021e3190bfc5d80f88189804b6e86e252acec56dd40ba99367a807

  • SHA512

    a344c63cdde4e678f9c9e9df4ecf7c6eb123035f73a0ee24bad50524f4cc1d28778c78f2a3f0cf47c74067971f0eabf082059e9a62af266183f50637637dd73c

  • SSDEEP

    768:WUzHVucRFoqkp59YBvLdTv9ReVi4eFov5UHRFBx+1oVA2SWQd32ef2RGGrTb:WQHocn1kp59gxBK85fBx+aVdU2eiGo

Targets

    • Target

      a6e6523c4e19fc481c9c97e782a72cfa_JaffaCakes118

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.
