General

  • Target

    d0fd563358e7480da8a39e8cdb6ef3cc_JaffaCakes118

  • Size

    189KB

  • Sample

    240907-d4mdgssgll

  • MD5

    d0fd563358e7480da8a39e8cdb6ef3cc

  • SHA1

    4e76be3b07b47c413706731c21bd38a86be25d73

  • SHA256

    4f43ea2ee6d7c159765e14f68214b6c03142714d2c413ed8eeed276fdd3641ea

  • SHA512

    f8b5d7f47e12d01e202cc4690e705a10b85d3fb13f9567e05a9befad03e1dbf9a144f706fb1ff6b4aefe3f83a68c91611b2b4463aef8e9946c7ac5a512aea2cf

  • SSDEEP

    3072:p5Fqffqjbzk/jL/xSu90OoiLuDKZXfwKeljR1z:pjOqjk/xUOmD+XfwLX

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

    URLs

  • exe.dropper

    http://tunerg.com/SKMFSuIWW

  • exe.dropper

    http://stoutarc.com/JbCOGyE

  • exe.dropper

    http://www.modern-autoparts.com/ezFUGpI

  • exe.dropper

    http://antigua.aguilarnoticias.com/LNOGFuYx

  • exe.dropper

    http://take-one2.com/X80VedH

Targets

    • Target

      d0fd563358e7480da8a39e8cdb6ef3cc_JaffaCakes118

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.
