Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    bf0b0a3501aeb456a2513f8bd43f558a_JaffaCakes118

  • Size

    202KB

  • Sample

    240824-vfrrqs1hkq

  • MD5

    bf0b0a3501aeb456a2513f8bd43f558a

  • SHA1

    b17d1b89ea913666b7eacb2fddad6f1cc045a63a

  • SHA256

    00aa2833332261ee444a5437a5ab56474bb743924d2d1be87777f4fa2a1688c5

  • SHA512

    cbbdb24c134370184b497dfae451de094ac56e4eacf07f69268347bd81e9e9290536ddcb9b7730a754fc11a76afa263960502d0e701ef1c194ed88001ecdac4a

  • SSDEEP

    3072:dUqJ1NgsA8k/gvh0NZ0lGX1nZ7ZYpSgKsiEHE+b64JE:dBtgVIveNZvn6zKjEkc6cE

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://bavhome.com/wp-content/td/

exe.dropper

http://hercinovic.com/cgi-bin/mZt/

exe.dropper

https://jeffdahlke.com/css/3u/

exe.dropper

http://calledtochange.org/CalledtoChange/V/

exe.dropper

http://daoisthealing.com/cgi-bin/c/

exe.dropper

https://scyzm.net/wp-content/j/

exe.dropper

http://www.bismarjeparamebel.com/u/pCp/

Targets

    • Target

      bf0b0a3501aeb456a2513f8bd43f558a_JaffaCakes118

    • Size

      202KB

    • MD5

      bf0b0a3501aeb456a2513f8bd43f558a

    • SHA1

      b17d1b89ea913666b7eacb2fddad6f1cc045a63a

    • SHA256

      00aa2833332261ee444a5437a5ab56474bb743924d2d1be87777f4fa2a1688c5

    • SHA512

      cbbdb24c134370184b497dfae451de094ac56e4eacf07f69268347bd81e9e9290536ddcb9b7730a754fc11a76afa263960502d0e701ef1c194ed88001ecdac4a

    • SSDEEP

      3072:dUqJ1NgsA8k/gvh0NZ0lGX1nZ7ZYpSgKsiEHE+b64JE:dBtgVIveNZvn6zKjEkc6cE

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks