General

  • Target

    c7583c3314352b95a859b1850241ec4c_JaffaCakes118

  • Size

    87KB

  • Sample

    240828-wcnrcaycld

  • MD5

    c7583c3314352b95a859b1850241ec4c

  • SHA1

    686021b468397700f6cbba09d7374a4ba4a82afc

  • SHA256

    6d1522b971a391ad16352b8cd205416729b99239fbc9101c43ad9c5b50f876c2

  • SHA512

    f3ccbde93f73ddcd21c53219cd33b1563f051e76485d5bfe3715c46de712f7ac5f34ad17e01b32c485d0e1d1c61651ccb23089e38097fe2a4774a285c6737710

  • SSDEEP

    1536:aptJlmrJpmxlRw99NBj+aIc0IvHsA99l:Gte2dw99f1UA99l

Malware Config

Extracted

Language: ps1
Deobfuscated
URLs
exe.dropper

http://lw.mirkre.com/CdKQQ

exe.dropper

http://dent.doctor-korchagina.ru/Dkxxo

exe.dropper

http://ehisblogtutorial.tk/0SIC3

exe.dropper

http://fendy.lightux.com/BriMn5Vx

exe.dropper

http://founderspond.skyries.com/KkfYR

Targets

    • Target

      c7583c3314352b95a859b1850241ec4c_JaffaCakes118

    Score: 10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
