General

  • Target

    decd9f5b452c407b0972ee6f8fcc8fe1_JaffaCakes118

  • Size

    213KB

  • Sample

    240913-ypv3aswejf

  • MD5

    decd9f5b452c407b0972ee6f8fcc8fe1

  • SHA1

    0261b00ce91a6b4b7b0686acc37548d6a20a4644

  • SHA256

    229688b1f7ac90b600e364e4f882c86c76937fa1bad916b4ba9cf48ea1a0ba68

  • SHA512

    d3f7f17fbb3f0fc1127f3a568ac9d5679404255aa9426e6a1a4fd5fd57fb0b9d881bee158637c812c9ae2738c230ca450e26c3d98d7c25347f1380a3682f61cc

  • SSDEEP

    3072:u22TWTogk079THcpOu5UZh0/6tJR6RNfo:u/TX07hHcJQttT6Rlo

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper


Targets

    • Target

      decd9f5b452c407b0972ee6f8fcc8fe1_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
