General

  • Target

    d3f3124d96e6ced6528ba07736cd9744_JaffaCakes118

  • Size

    247KB

  • Sample

    240908-kefyqsyape

  • MD5

    d3f3124d96e6ced6528ba07736cd9744

  • SHA1

    2a19fb773d17f0e10278d74ca1a43e2d54563369

  • SHA256

    0fb1891062a2efc47b2fe69391e3a7a42673afdbb21d834af3ad3ac36b56ecf0

  • SHA512

    6ce46e3ebe6b332d2cab8ea121240dbe3701a85f4c70a3c9e34e071c38d8b7318641fd7d854ffed8b96c8ffbc49b19d3251b6c61aa7cc55f07c26ef9fa1914e7

  • SSDEEP

    3072:yr/DEfw4rgz5WgP0BN1/AZjL/xSu90OoiLuDKZXfwKeljR1j:AzjzPkAxxUOmD+XfwL3

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://mipec-city-view.com/eLFdiHVZc

exe.dropper

http://betablanja.com/ucF43aOI

exe.dropper

http://bluehost.theoceanweb.com/wp-admin/css/HeR7zgu

exe.dropper

http://thanhlapdoanhnghiephnh.com/YWPDn0EHGX

exe.dropper

http://aktemuryonetim.com/HQp52Xt

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
