General

  • Target

    ea6151f2ac021c315206d6ad15bb65c9_JaffaCakes118

  • Size

    248KB

  • Sample

    240919-cda24avfjl

  • MD5

    ea6151f2ac021c315206d6ad15bb65c9

  • SHA1

    6ff1fab8609ecf46252920721b5a739db38bd5b9

  • SHA256

    d98f213fb4802c2a0443ec4bac831c3d727ab699fd6858316ee89afda8849042

  • SHA512

    e2fbf0bc205246b02bd93f8274e491612c8574690bac2313d2f9fc253a06d19bdf904978b2329c132321c38d0376a9bcc9f333ab744dae543c073fb0ea5c0e1c

  • SSDEEP

    3072:O1ldztZGREmz/rSjpBGABScsXy6jL/xSu90OoiLuDKZXfwKeljR16:6GREmz/rStgc3YyoxUOmD+XfwLe

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs

Targets

    • Target

      ea6151f2ac021c315206d6ad15bb65c9_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
