General

  • Target

    f6311593c6ca6a81b2af6bebcc620b6a_JaffaCakes118

  • Size

    161KB

  • Sample

    240925-rk2wqataqd

  • MD5

    f6311593c6ca6a81b2af6bebcc620b6a

  • SHA1

    9dc91492c9e5236970c6cdcfeb1d1ca2b37a4a6f

  • SHA256

    80bbc6addbc3d97abecb341c4441b7963d70a2a863d25cf0d35137632a841fa4

  • SHA512

    0ab5ebf551193aac68c6b28ec7cf5bc2739fe24063f37c33078799c5ce9feed73c19494f0f69ee3dfa6d64de62e9e4c8743dc790eb5810af0e91f372f29ef257

  • SSDEEP

    3072:tJVffe3dY9jAcD22TWTogk079THcpOu5UZgVjxzEtZ8jgeoE:tjffe3S5D/TX07hHcJQyxz+Z0geoE

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
