Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    f01d6d3b9c98457e3843692915af1efa_JaffaCakes118

  • Size

    241KB

  • Sample

    240921-s52bcszela

  • MD5

    f01d6d3b9c98457e3843692915af1efa

  • SHA1

    dd4724db788347778cd9f8a15bb8e67e6e445739

  • SHA256

    1dba1999448c671df16e2a851f3333c25852991b9e4e9218fe5f59c4892750b9

  • SHA512

    c7f0210f9349734b4795539a44eac52788c64785213f9a2b2eb5c2bf188dd5202c7026e457be1e9d725a7ce1fbed60e6d46daabe84d76dd81cec18f0c210ad2f

  • SSDEEP

    3072:wYy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////j:40uXnWFchmmcI/o1/YOfAx

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://www.ksgresearch.org/LLC/z9B/

exe.dropper

http://www.mitrausahacontrucion.com/multifunctional-section/X2v4XN/

exe.dropper

http://daprofesional.com/data4/rsdbA1h/

exe.dropper

http://degisimkalip.com.tr/wp-admin/ZML/

exe.dropper

http://da-industrial.com/js/6GGA48AK/

exe.dropper

http://cse-engineer.com/cgi-bin/BOiL/

exe.dropper

http://casabeethovenlb.com/classes/7SUlG/

Targets

    • Target

      f01d6d3b9c98457e3843692915af1efa_JaffaCakes118

    • Size

      241KB

    • MD5

      f01d6d3b9c98457e3843692915af1efa

    • SHA1

      dd4724db788347778cd9f8a15bb8e67e6e445739

    • SHA256

      1dba1999448c671df16e2a851f3333c25852991b9e4e9218fe5f59c4892750b9

    • SHA512

      c7f0210f9349734b4795539a44eac52788c64785213f9a2b2eb5c2bf188dd5202c7026e457be1e9d725a7ce1fbed60e6d46daabe84d76dd81cec18f0c210ad2f

    • SSDEEP

      3072:wYy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////j:40uXnWFchmmcI/o1/YOfAx

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks