General
-
Target
143b80f264153a0a77ee599f2806702f_JaffaCakes118
-
Size
492KB
-
Sample
240504-yktnnshb5t
-
MD5
143b80f264153a0a77ee599f2806702f
-
SHA1
bce954b1509a8fb595ec06e21ff51561026f8e4d
-
SHA256
b1a84ffa5466f9eaa0c03eec38370ec5451c92c0acc7e432c3f60a6ee7b322a0
-
SHA512
1035871c053f9990a926725943d35906b0f2d8f29f7acd8473fa19c21eb392e3bac585742236c9c2dfd21f80a2dc4f679db5c947d5bab896bfcaf3cabe4cb019
-
SSDEEP
6144:fSti4jd0sf5VB2t4BMGMOzOUyeoya+FhuBW:fSti4Sit53MOzOveTaO8BW
Static task
static1
Behavioral task
behavioral1
Sample
143b80f264153a0a77ee599f2806702f_JaffaCakes118.exe
Resource
win7-20231129-en
Malware Config
Extracted
formbook
3.9
sl
Targets
Formbook payload
-
Suspicious use of SetThreadContext
-