Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
- Target: f6d83fbf014a5691b35cfe80401ea6cb_JaffaCakes118
- Size: 239KB
- Sample: 240417-3xgxvsbd5x
- MD5: f6d83fbf014a5691b35cfe80401ea6cb
- SHA1: 47b40e2d2ec4f38faf97d94ebb481cabb17c908f
- SHA256: 4873fc7cab19439ccbc5cfffcc818ed55cd682cd5475889c7062476a877438ce
- SHA512: 66564b36c4fe5eecc029248bac207e017b7dc04a2453c0e87db16c6dd3fd1577661bc0b5eeadc9abb7a911d811b3af01a295e9f26edc4b1c97ecb24f7b95c757
- SSDEEP: 6144:0LzZ7cUVovWnzoMeJgRLlD9LhHLwsLLUMn3ua/TB:0nZ7bVo+cMeClctMn3ua/TB
Static task
- static1
Behavioral task
- behavioral1: Sample 038159.exe, Resource win7-20240221-en
- behavioral2: Sample 038159.exe, Resource win10v2004-20240412-en
- behavioral3: Sample $PLUGINSDIR/jaqxzro.dll, Resource win7-20240221-en
Malware Config
Extracted
- Family: formbook
- Version: 4.1
- Campaign: w6ya
Targets
Target: 038159.exe
- Size: 251KB
- MD5: f89aeda946171325b3cc41db4e0c7356
- SHA1: 83da10df168a7801bef8257fcbdc23bf18f0d15c
- SHA256: 5beadd0ecc9f1407dab89746630fddf7362dd00323e6a5e5413a0c286e2ee583
- SHA512: 229332eb6bec4208a2eb9055237ee5ac83a9da577ce04f2a0a9bad2c6c113b815ff60876d265f344d10d36d20da3bb4444ef2c8896fe9dc6005bac73a3c902ab
- SSDEEP: 6144:wBlL/cYzuovWn9oMSJgRXlD9LhVLwsLXUMn3ua/TY:Cecuo+yMSYlebMn3ua/TY
- Signatures: Formbook payload; Deletes itself; Loads dropped DLL; Suspicious use of SetThreadContext
Target: $PLUGINSDIR/jaqxzro.dll
- Size: 29KB
- MD5: 1e8aa5fcc0f7de7a0836081dd9efff05
- SHA1: 48317ef5f587f52fd34b42164dfb893dcde95e1b
- SHA256: 5389af7b3d0f5a3496cd2aa538a6ee01fd5a9bd1a8fcf3b9411f4112313d43af
- SHA512: addd27d8923bf5d3f7d87e3eb2f6138d05532aa7c9340fde2f998a84fa87f227b63cd515176940de099d4f8dc46d1ab7467f4e347e266d0ef128d7337d79ea16
- SSDEEP: 384:IcOhNOWCf3iUgfews69swci/+9YFmtgqQzZQFORdP2NG6zZHZD24mYfVSUB+V6G4:DC9szi/MeqQqgRd2pZMbwjGANT5
- Signatures: Formbook payload; Suspicious use of SetThreadContext