General

  • Target

    fbcc5c125e18019a5e6e536a47d5a1a8_JaffaCakes118

  • Size

    750KB

  • Sample

    240928-jcdj6atejj

  • MD5

    fbcc5c125e18019a5e6e536a47d5a1a8

  • SHA1

    8c3b235607fe39ee44accbec28887547adf33550

  • SHA256

    7d99a30ca8f89ca4ad64055e2ec39e67fb07639e03ebc773b6375b742a7f1162

  • SHA512

    23d2e97b1b11588818244a10e9084beb5df2c4eb99f1eab145d5118dc7eb817501557144bb1dfba0133eab6a5f4af73546dfc33aa50a4b53e600094fbd36a535

  • SSDEEP

    12288:OuqyHuqyNuqy/uqySuqyKuqypuqyWuqymuqy/uqyzS:zqyOqyAqy2qyPqy3qykqyLqybqy2qyW

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://panelonetwothree.ga/work/15.exe

Targets

    • Target

      fbcc5c125e18019a5e6e536a47d5a1a8_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.
