General

  • Target

    af2a61fea70fc4b92dfc72bdd17ae2af_JaffaCakes118

  • Size

    161KB

  • Sample

    240820-pc33ps1cjc

  • MD5

    af2a61fea70fc4b92dfc72bdd17ae2af

  • SHA1

    9a7b42d1014ddc487430e446391e57d3ec1d0189

  • SHA256

    4b44a49d851cfe708c39124110dcb95dd328ecb52b9c80a0bc91c9fffd677ef0

  • SHA512

    d35a712a77f76ef2a906d1a58bd73b05406f0b09d5d9fdb4e5d18d5e355f3688af0f3850e5bd564fd2ee5e91751d0097edc131fd852cd835ed798275c0034e66

  • SSDEEP

    3072:+KNtK1zjRjJz22TWTogk079THcpOu5UZTCWJ3/t5AtmGj:+Ct+zjR9/TX07hHcJQTJvt5AtmGj

  • Score

    10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs (exe.dropper)

    http://khobormalda.com/wp-content/82/
    http://blog.zunapro.com/wp-admin/LEE/
    http://megasolucoesti.com/R9KDq0O8w/Y/
    https://online24h.biz/wp-admin/K/
    https://fepami.com/wp-includes/eaI/
    http://ora-ks.com/system/cache/w/
    http://padamagro.com/wp-admin/Nc/

Targets

    • Target

      af2a61fea70fc4b92dfc72bdd17ae2af_JaffaCakes118

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks