General

  • Target

    b6e8733190b6c6ae7e12b5204c80274c_JaffaCakes118

  • Size

    133KB

  • Sample

    240822-jvzv4szanr

  • MD5

    b6e8733190b6c6ae7e12b5204c80274c

  • SHA1

    541fb3dd19ad8e264dbfa55c55ef7f8a5b8a7e86

  • SHA256

    77641e6ce42f0cfb1e07679d1910a7c600c2a36aacb8c3839596271c047dc0cc

  • SHA512

    3665de96d3aa14ec6af1ca326578b0732f89c5e195103a4a74d79150c639ca3fdc14f631c9ab98602395f908335f88c8a5f27a50f550926439e5ec47d0c75a6a

  • SSDEEP

    1536:00WRD3bNqfNpu39IId5a6XP3Mg8af2q6KEbelP4OvqTl1ygIdavkHUXeONvl8:MR1qf69xak3Mgx2hbvl8

Score
10/10

Malware Config

Extracted

Language: ps1
Source: exe.dropper

Targets

    • Target

      b6e8733190b6c6ae7e12b5204c80274c_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
