General

  • Target: fe374f6ff25ac7e18f2bdb4361ce0e4f_JaffaCakes118
  • Size: 164KB
  • Sample: 240929-k61r8axdrn
  • MD5: fe374f6ff25ac7e18f2bdb4361ce0e4f
  • SHA1: 013f815c13b221506bd09a2bb77abc0b8117eab8
  • SHA256: 1ddec7617d6087292e3d51b1fe1079a93c28e9546171d2bbd2fa6f049fe2a089
  • SHA512: 09f7c729c81f2816f45c4824c8fe90419246ceab6418d46d5649861f5eb0905e7458f4c8c9985896d6fe103fa9b41a909dfb121a4f0ed60468e5c144e71dc13d
  • SSDEEP: 1536:KPB445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ5J+a9RluNGGdywlZO:KP22TWTogk079THcpOu5UZfluNTdTZO

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Source: URLs

    exe.dropper  http://vuatritue.com/wp-admin/w/
    exe.dropper  http://castlestudios.com/bots/7/
    exe.dropper  https://www.afriqueindustries-sa.com/ootqgtbgutgqkxfq/dS9/
    exe.dropper  http://brandstrumpet-001-site1.ctempurl.com/default/lnD/
    exe.dropper  http://oneinsix.com/test/u/
    exe.dropper  http://livefarma.com/wp-content/hpu/
    exe.dropper  http://datawyse.net/cgi-bin/8/

Targets

    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Drops file in System32 directory
