General

  • Target

    e1add0c2917aaf34236db315da09d8f2_JaffaCakes118

  • Size

    19KB

  • Sample

    240915-erh1zavfrp

  • MD5

    e1add0c2917aaf34236db315da09d8f2

  • SHA1

    3460271d345cc4ba4ab112c5abe04e40e483145e

  • SHA256

    ffc9eca5a1e84b5ebe2d3f7124efbd48d96d24686b429f09743359370f915760

  • SHA512

    e041cf1b0c4aeb491488b027d08ea5c2febd640ce08166f5610e9baf783b2eacf39bd23591c3325255e67d548acca49ba72aeff9f0afcaa0505331f8ce252ecc

  • SSDEEP

    384:+2QdQ5yunO0qEF6C4zfusWGCVXToqIJPXaxq5:+U5D6EFTcKdKMc

Malware Config

Extracted

  • Language

    ps1 (Deobfuscated)

  • URLs

    exe.dropper

    http://panelonetwothree.ga/work/6.exe

Targets

    • Target

      e1add0c2917aaf34236db315da09d8f2_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.
