General
Target: 3d7030426830af1ce3e9e06412954688_JaffaCakes118
Size: 223KB
Sample: 240514-b8h6hseh77
MD5: 3d7030426830af1ce3e9e06412954688
SHA1: a664885f5f911b3add94b379c7caa8729ca253d0
SHA256: a409bcf88a07c401c4f6f11be261c80b47c2e5ae29338c7ad5de509ff1eefbd8
SHA512: 9506362a98b64e17d9b8d00347821933e7711fff12cb4d2d5b79041fba58f10551db9f1c9088d8cd051170fcfb6f5de9631c0aa5a76ff5a15c0c3aaab8e782d8
SSDEEP: 6144:UDk3eLcIxMtD67ASSK9xIQF+0jBbFy/Mni+iNHBrCaHl5:x3efMZ6cY9mZuBbFpn1iNHdH
Static task
static1
Behavioral task
behavioral1
Sample
3d7030426830af1ce3e9e06412954688_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
formbook
3.8
go
Targets
-
Formbook payload
-
Adds policy Run key to start application
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-