General

  • Target: ef4e00d7e912910b1184f73b6a860aa8_JaffaCakes118
  • Size: 161KB
  • Sample: 240921-h4dtka1amh
  • MD5: ef4e00d7e912910b1184f73b6a860aa8
  • SHA1: a99138b20c126c426df947786137a7cb1e795e9c
  • SHA256: 25393c8989f2e612a34778fae3ed1d04b785d027ec9ffbb8c58d9c43e8fa4578
  • SHA512: ec13f6428a17cdac926dd6657e2bc44b902a54cf38257b145bd61a87ffa57c63d00d85c5e5e1536b54e01c06a091ddc92d38e86006744d4d93cce0df3884157a
  • SSDEEP: 3072:+KNtK1zjRjJz22TWTogk079THcpOu5UZTdWJ3/t5AtmAD:+Ct+zjR9/TX07hHcJQwJvt5AtmAD

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Source: exe.dropper
  • URLs:
    http://khobormalda.com/wp-content/82/
    http://blog.zunapro.com/wp-admin/LEE/
    http://megasolucoesti.com/R9KDq0O8w/Y/
    https://online24h.biz/wp-admin/K/
    https://fepami.com/wp-includes/eaI/
    http://ora-ks.com/system/cache/w/
    http://padamagro.com/wp-admin/Nc/

Targets

    • Target: ef4e00d7e912910b1184f73b6a860aa8_JaffaCakes118

    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Drops file in System32 directory
