
General

  • Target: d5b5cfbb95df232743dbad75d02c5575_JaffaCakes118
  • Size: 166KB
  • Sample: 240909-fyvh1stcjj
  • MD5: d5b5cfbb95df232743dbad75d02c5575
  • SHA1: 4cd181c06fe8b720867ca8371e4410d3a4898852
  • SHA256: 40553c3c1a1a2ff36541fff6d148b3d3a89962869b7d29d3dd978f4957bb53d5
  • SHA512: 6cf5a4b94a32af8f2e7f1389a8f6905f30c2380b1f8f67354d0a9b0d09619a9f0b3c7ed4aa3b8536b214fb51260162089d1b7116181718011b535123d9f80d70
  • SSDEEP: 1536:pARD3bNqfNpu39IId5a6XP3Mg8afmqTdotKdz/Rek6Ef3Ei9WEvOk:OR1qf69xak3MgxmFKl/R89i9WAOk

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Source: URLs (exe.dropper)

Targets

    • Target

      d5b5cfbb95df232743dbad75d02c5575_JaffaCakes118

    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Drops file in System32 directory
