General

  • Target

    fdfd991ced46a4dc2ae4a9ce04aa25c0_JaffaCakes118

  • Size

    133KB

  • Sample

    240929-hjng9stbll

  • MD5

    fdfd991ced46a4dc2ae4a9ce04aa25c0

  • SHA1

    4c736fa3d75f48e8c63aa40202ff224f22f8028f

  • SHA256

    27442f20eb59b4d209325e6568821d54267357d72c350b9aac8bdbe721e0235c

  • SHA512

    49c7c5f42b6dc4233741b0862c09d2ed3afaf1958e83ea06995aaeb187e568e95ce0f86f9b0d766852612bf09f8754a9021d732a21e258d71a334d2e11a9d314

  • SSDEEP

    1536:LA2RD3bNqfNpu39IId5a6XP3Mg8afSqTVyzwyQUpsJNw:VR1qf69xak3MgxSOEzwyQisJNw

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Source: URLs (exe.dropper)

Targets

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks