General

  • Target

    d37abef20b2749210d8aad65f0bc09e3_JaffaCakes118

  • Size

    227KB

  • Sample

    240908-egr6wsvcmn

  • MD5

    d37abef20b2749210d8aad65f0bc09e3

  • SHA1

    7279d14b6a86a129bf433f2bcae642819e8afedf

  • SHA256

    30a43e3c1b38fe5a37ce0fcdcaee4cef05b4d6682e668d782131c7c54de0e292

  • SHA512

    0b08b0afd963c4c3265c6c91211741a0ec760f9c7aef6c29d3e887b76035410b6e625e0459811d982155d753c2d89c6eb14cd8f96cf9d086c6f0e68106b39fe7

  • SSDEEP

    3072:PYy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////s:R0uXnWFchmmcI/o1/uEP9cPwc2

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
