General

  • Target

    d544eb2d174cf3065c457942e2087e78_JaffaCakes118

  • Size

    132KB

  • Sample

    240908-29gl7asgkg

  • MD5

    d544eb2d174cf3065c457942e2087e78

  • SHA1

    d9d9055b06fd5984da73ce9f1a0dcd4670898c8d

  • SHA256

    ac1799f9b3a672cdbf5d43c8a2d5c83c07069d2404e6a95c6e21a1abce0c3040

  • SHA512

    e8ca8f1c412c18eb0f60f11186aa99b162228c36de5f6fd007e54e8d71c7906708f9689da60fe1fc4f8f7a3caae3b666e6ebb840b8b37ba5afa83927debca860

  • SSDEEP

    1536:eVO81ooMDS034nC54nZrL4AkiuAMOkEEW/yEbzvad8/2GeUUt/YQJFm0DaqGq+aa:eM8GhDS0o9zTGOZD6EbzCd8/cplVDaqQ

Malware Config

Extracted

  • Language: ps1
  • Source: deobfuscated script
  • exe.dropper URLs:

    http://www.binsuloomgroup.com/wp-content/uploads/TyUg_qOsCOz4O_5uPw9YSbO
    http://bonnyprint.com/wp-content/PCT_0H8S_L9zVHlYSF
    http://ftp.spbv.org/worem_2o27v_d
    http://flowersgalleryevents.ayansaha.com/2Z4fO_YmAY_BqDF1wD
    https://anhle.art/t2ZZ_zOxsnfkSJ_ClUxs

Targets

    Score: 10/10

    • Process spawned unexpected child process

      Typically indicates the parent process was compromised via an exploit or a macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell (T1059.001)

      The sample runs a powershell.exe command.
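The two scored behaviours above (an Office-style parent spawning a script interpreter, and that interpreter reaching out to a dropper host) as detection logic run over constructed endpoint telemetry. This is an added example, not code from the tria.ge report or from any project; the Sysmon-like event shape, the parent/child process lists and the sample events are assumptions, and the only values taken from the report are the five exe.dropper URLs in the Malware Config section.

```python
"""Detection logic for the two behaviours scored in this report, run over
constructed process-creation and network-connection events.

Added example. The event shape (a Sysmon-like dict), the process lists and
the sample events are assumptions; the dropper URLs are from the report."""
from urllib.parse import urlparse

# exe.dropper URLs as listed under "Malware Config" in this report.
DROPPER_URLS = [
    "http://www.binsuloomgroup.com/wp-content/uploads/TyUg_qOsCOz4O_5uPw9YSbO",
    "http://bonnyprint.com/wp-content/PCT_0H8S_L9zVHlYSF",
    "http://ftp.spbv.org/worem_2o27v_d",
    "http://flowersgalleryevents.ayansaha.com/2Z4fO_YmAY_BqDF1wD",
    "https://anhle.art/t2ZZ_zOxsnfkSJ_ClUxs",
]


def ioc_hosts(urls=DROPPER_URLS):
    """Return the set of lowercase hostnames to match in network telemetry."""
    return {urlparse(u).hostname.lower() for u in urls}


# Parents that should not launch script interpreters, and the interpreters
# (T1059.001 covers the PowerShell child seen here). Both lists are assumptions.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                   "cscript.exe", "mshta.exe", "rundll32.exe"}


def image_name(path):
    """Basename of a Windows or POSIX image path, lowercased."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def unexpected_child(ev):
    """Signature 1: process spawned unexpected child process."""
    return (ev.get("event") == "process_create"
            and image_name(ev["parent_image"]) in OFFICE_PARENTS
            and image_name(ev["image"]) in SCRIPT_CHILDREN)


def blocklisted_network(ev, hosts):
    """Signature 2: a script interpreter makes a network request.
    Restricted to known dropper hosts when hosts is given; any host if None."""
    if ev.get("event") != "network_connect":
        return False
    if image_name(ev["image"]) not in SCRIPT_CHILDREN:
        return False
    return hosts is None or ev.get("dest_host", "").lower() in hosts


def triage(events, hosts=None):
    """Return (rule, pid) hits; hosts defaults to the report's dropper hosts."""
    hosts = ioc_hosts() if hosts is None else hosts
    hits = []
    for ev in events:
        if unexpected_child(ev):
            hits.append(("unexpected_child_process", ev["pid"]))
        if blocklisted_network(ev, hosts):
            hits.append(("blocklisted_process_network_request", ev["pid"]))
    return hits


# Constructed telemetry, not events from the sandbox run.
SAMPLE_EVENTS = [
    {"event": "process_create", "pid": 1200,
     "parent_image": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"event": "network_connect", "pid": 1200,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "dest_host": "bonnyprint.com", "dest_port": 80},
    {"event": "process_create", "pid": 1300,
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"event": "network_connect", "pid": 1300,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "dest_host": "www.microsoft.com", "dest_port": 443},
]

if __name__ == "__main__":
    for rule, pid in triage(SAMPLE_EVENTS):
        print(f"{rule}: pid {pid}")
```

Only pid 1200 fires both rules: the explorer.exe-launched PowerShell in pid 1300 is a normal parent, and its connection to a host outside the extracted IOC set is not matched. Passing `hosts=None` directly to `blocklisted_network` gives the broader sandbox-style rule that flags any outbound connection from a script interpreter.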

MITRE ATT&CK Enterprise v15

Tasks