Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    dfa9d4948809090797a951edffa5ea93_JaffaCakes118

  • Size

    241KB

  • Sample

    240914-hbxe7s1apr

  • MD5

    dfa9d4948809090797a951edffa5ea93

  • SHA1

    1f3d636766c650733c7e66be530f345246005d2c

  • SHA256

    5af58ca99bb8ab1c5502499b987781f73cc44491b3fa9e15c03d418cd84bea17

  • SHA512

    733acec680d6ceaab2dc0085bd8ee1dca2090649c39a2d22326a8019102f044e8aaf077e61040ede7e4781e80d8b479617389a126334f68a96804fea7ec3e6cb

  • SSDEEP

    3072:wYy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////F:40uXnWFchmmcI/o1/dOftz

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://www.ksgresearch.org/LLC/z9B/

exe.dropper

http://www.mitrausahacontrucion.com/multifunctional-section/X2v4XN/

exe.dropper

http://daprofesional.com/data4/rsdbA1h/

exe.dropper

http://degisimkalip.com.tr/wp-admin/ZML/

exe.dropper

http://da-industrial.com/js/6GGA48AK/

exe.dropper

http://cse-engineer.com/cgi-bin/BOiL/

exe.dropper

http://casabeethovenlb.com/classes/7SUlG/

Targets

    • Target

      dfa9d4948809090797a951edffa5ea93_JaffaCakes118

    • Size

      241KB

    • MD5

      dfa9d4948809090797a951edffa5ea93

    • SHA1

      1f3d636766c650733c7e66be530f345246005d2c

    • SHA256

      5af58ca99bb8ab1c5502499b987781f73cc44491b3fa9e15c03d418cd84bea17

    • SHA512

      733acec680d6ceaab2dc0085bd8ee1dca2090649c39a2d22326a8019102f044e8aaf077e61040ede7e4781e80d8b479617389a126334f68a96804fea7ec3e6cb

    • SSDEEP

      3072:wYy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////F:40uXnWFchmmcI/o1/dOftz

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks