General

  • Target

    c06a2e5abd9ac5e50c7e1acc180fa4e2_JaffaCakes118

  • Size

    137KB

  • Sample

    240825-k7a8ysyanp

  • MD5

    c06a2e5abd9ac5e50c7e1acc180fa4e2

  • SHA1

    51bf7e1cac1e7f64289051b7a891804e1577ff51

  • SHA256

    5f50deac85a3e3e51cb6c6d7f8fa81f1e426281225e8e685c90a32f23c8b15d8

  • SHA512

    811ca504c7ae4b2b0dc20c374c467ba330a27805008b700022c22f43909406de463944d5d6c0ff09ac4985c50551d1d3c5aff157f603d85014f0fa89ab1d39ae

  • SSDEEP

    1536:mFM5O81ooMDS034nC54nZrL4AkiuAMOkEEW/yEbzvadf+a9cX9jvVJZeI:G8GhDS0o9zTGOZD6EbzCdqX9DVuI

Malware Config

Extracted

Language: ps1
Deobfuscated
URLs
exe.dropper

http://www.exclusivetvlnet.com/eb1o4

exe.dropper

http://rashmigupta.com/eU6

exe.dropper

http://dellaconnor.com/6uHd8l

exe.dropper

http://whitecertifiedangusbeef.com/eLUIv5P2

exe.dropper

http://aidspolicyproject.org/u

Targets

    Score: 10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.
