General

  • Target

    cff36af596a5ae63412a79bf6de88ed1_JaffaCakes118

  • Size

    162KB

  • Sample

    240906-ttehwswgmh

  • MD5

    cff36af596a5ae63412a79bf6de88ed1

  • SHA1

    5be5e50d16b538507c7c6d95c271d995e4ede564

  • SHA256

    8c312805d2cac10a8deaaa7ee8aaad782a4a93eade429042f8ac234b2716be7e

  • SHA512

    6e53617efbf57703502535770b28ca094cd9d32f340725b27a9866aa7409461590e3da2be34a4218e05a6b6d43125bc98f059640a9f1b85d5ef0bd44b01bc749

  • SSDEEP

    1536:T5a/aNrdi1Ir77zOH98Wj2gpngR+a965ZVDEuEfBzoIRGQ:T/rfrzOH98ipg+O5JzoQGQ

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Target

      cff36af596a5ae63412a79bf6de88ed1_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
