General

  • Target

    eed3b64b0cecdaf53dc6b7897cc25a94_JaffaCakes118

  • Size

    217KB

  • Sample

    240921-b1vjksygra

  • MD5

    eed3b64b0cecdaf53dc6b7897cc25a94

  • SHA1

    9e329077f05351a315c6db0f86bd0df73d37fe6a

  • SHA256

    c19dd05cf11f244d0b2189ff9b5075a190c1a64d8c65dd5f47a65e3bb8c2b869

  • SHA512

    392b35e61e297f358ab6990d85b63cc89ad1267efa486d403a37129c32f1059610fbaf441fb3ba3f9e59598960b65fe77dfe66c2e909852deea6175826e9fc78

  • SSDEEP

    1536:KB445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ5J+a9zRQ3n7fxdSoNRp:K22TWTogk079THcpOu5UZc3zBR5g6fB

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Target

      eed3b64b0cecdaf53dc6b7897cc25a94_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks