General

  • Target

    dd54ab7192288fa40ae6b02e02a0f149_JaffaCakes118

  • Size

    160KB

  • Sample

    240913-awtwtatgqj

  • MD5

    dd54ab7192288fa40ae6b02e02a0f149

  • SHA1

    ba0517d95e9d708a7f7740b2795b6f1c5c96816a

  • SHA256

    65ccd2353b3535aa238fd8463e999fef45409765bde767b753cb0f4c3be5889e

  • SHA512

    60d726b6e19e29a753a533e0232998a9196034ecdb5ce2c2f72b55e03a8bc5693cea2feaa69f34a5f5a4a18442acb28610ad38443e6e698ed600b5e3a3340414

  • SSDEEP

    3072:+KNtK1zjRjJz22TWTogk079THcpOu5UZTiWJ3/t5Atmcr:+Ct+zjR9/TX07hHcJQDJvt5Atmcr

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Target

      dd54ab7192288fa40ae6b02e02a0f149_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
