General

  • Target: ff82f897a9254c04885a865ea7145cd7_JaffaCakes118
  • Size: 28KB
  • Sample: 240929-3m5wyawejj
  • MD5: ff82f897a9254c04885a865ea7145cd7
  • SHA1: 8f4d759afa6f677410e6a91fcc8cc795145d0412
  • SHA256: 952aa7f422d4885441159defcf6393c77a079fb457b3fc2faf8f5e2a61febc13
  • SHA512: 9bd625ba9c1e315c8ba3250e7d3ff735be601c43cae73d8bef71a3a2f6d59bfe0acb77bb58872a7325cfc490681fb399590c31dec78a5ca8dd73f2138ba177a4
  • SSDEEP: 768:qD1k9mqHCztMXazebLDsYzuu/3nOFvsLvg+:q69mqHCzyKefgYzb/3nhLvB
  • Score: 10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
  • URLs:
    http://rzminc.com/xklyulyijvn/45564985356713000000.dat
    http://pathinanchilearthmovers.com/eznwcdhx/45564985356713000000.dat
    http://jugueterialatorre.com.ar/xjzpfwc/45564985356713000000.dat
    http://rzminc.com/fdzgprclatqo/45564985356713000000.dat
    http://biblicalisraeltours.com/otmchxmxeg/45564985356713000000.dat

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
  • URLs:
    http://rzminc.com/xklyulyijvn/45564985382060200000.dat
    http://pathinanchilearthmovers.com/eznwcdhx/45564985382060200000.dat
    http://jugueterialatorre.com.ar/xjzpfwc/45564985382060200000.dat
    http://rzminc.com/fdzgprclatqo/45564985382060200000.dat
    http://biblicalisraeltours.com/otmchxmxeg/45564985382060200000.dat

Targets

  • Target: Complaint-1139434699-02182021.xls
  • Size: 142KB
  • MD5: f481599cb80b79ff1624d8095d60ad37
  • SHA1: 5f1f728c01113112866324abb15da0375749d0bf
  • SHA256: ee05c4ea463797ea4c65e8875bfcf74402644db1abbd120ce65edcf22d915846
  • SHA512: 6297243b29fbb746e0e790aee6d2505dfd385d703d3d10af580a1fb07b0f5b74fefba8742d150236554139429d8bfde7d2a8a55b1bff94b8fab8bb8c65423145
  • SSDEEP: 3072:GcPiTQAVW/89BQnmlcGvgZ6Gr3J8YUOMRt/BI/s/C/i/R/7/3/UQ/OhP/2/a/1/d:GcPiTQAVW/89BQnmlcGvgZ7r3J8YUOM0
  • Score: 10/10

  Signatures

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15
