General

  • Target

    d4eb931d97a7ae1aa727f68d32763920_JaffaCakes118

  • Size

    154KB

  • Sample

    240908-whv3lsygqr

  • MD5

    d4eb931d97a7ae1aa727f68d32763920

  • SHA1

    807182407c85efe5880aacfa21043e487b7871c8

  • SHA256

    b5be7bb2f5a521f8ec0417e9f4da3c9f919f688a9a2c089b1503e1bab24e3eff

  • SHA512

    ae357488a9aac61d9fc155db2f8b360952f789f371103ea57dfc65e11140d604d7838444e16e1c9a88158a8912f515a040755cdc41618d891211b4dfb7d739ff

  • SSDEEP

    1536:CJ0ZsWTJ0ZsWirdi1Ir77zOH98Wj2gpngR+a9UQ54LW0wK:5rfrzOH98ipgg+qDwK

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
