General

  • Target

    d318f3b6d53e6d4da4a67fc3ffb7cb1f_JaffaCakes118

  • Size

    169KB

  • Sample

    240907-3z7lasvekh

  • MD5

    d318f3b6d53e6d4da4a67fc3ffb7cb1f

  • SHA1

    7c57dc98ffd144396528c1b9f5d674c6f5acae59

  • SHA256

    65bf16cbd3175b7dda73dded17b19b4dc8d8501e4c40140b053ba45dcd480ffc

  • SHA512

    0bcfbd3fbb34f6b188ca1b5f38aa06a134355361fb7390ccc720e3fe90ec863e70c34bac43ff4f018c5891e62ca24b4615a72ffd7b08703ef2746484b462dd38

  • SSDEEP

    1536:vGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xiP+rIiZo7dLeqH74OC+pO4am35HP:trfrzOH98ipgDlqwi

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper


Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
