General
Target: 5c1bbc3ef13f11786c71d2b038ffac9d_JaffaCakes118
Size: 857KB
Sample: 240519-3r8hmahd69
MD5: 5c1bbc3ef13f11786c71d2b038ffac9d
SHA1: 782901838bef058386683429bde3f10926f226da
SHA256: a925156696d4acad19f9063afbd082d0fccbcca820e262a91e730077705ab2a5
SHA512: e93cf0d6a4ec73b75e28189331fd6b8cc5b5d65706725ff35418727429e50e9f292286e136edc289afd31e585d5f6b436a125a9276dc0659b8987dd9ab6b7ce4
SSDEEP: 12288:XkESTi3VrUwuW1ScWxRL7QZwupHHRi//ASc9VTiukEH:XkESTi3tUrWpWjQyiKDc9VTiukEH

Static task: static1

Behavioral task: behavioral1
  Sample: 5c1bbc3ef13f11786c71d2b038ffac9d_JaffaCakes118.rtf
  Resource: win7-20240215-en

Behavioral task: behavioral2
  Sample: 5c1bbc3ef13f11786c71d2b038ffac9d_JaffaCakes118.rtf
  Resource: win10v2004-20240426-en
Malware Config (extracted)
Family: formbook
Version: 3.8
Campaign: ch140
Domains:
emmaelmes.com
www064123.com
elcerritocannabis.com
cyberf8985.com
kaylaschmidt.com
oyu5ahs8.email
yafuxoxedatuyulsst.com
veniceartsociety.com
reternship.com
swastikglasshouse.com
howay-scientica.com
tobinservices.com
allensmartin.com
cirruswork.com
13895385187.com
bestfitnessbands.com
coworkhotel.com
pipertakespictures.com
dqfzeg.info
qpeliculas.net
cleaningservicealexandriava.com
siliconvalleycoins.com
vancecrawfordphotography.com
hip-p.com
prgcc.com
zgu6.com
qukuaizhe.com
waypointgroup.energy
cienciacrenca.com
alisathink.com
chat-fun.net
5x5.life
es-rakuraku.com
mrsbeavers.com
movers495.com
akbank-internet-subeniz.com
94manbetx.com
xuput5e46ry6.site
kellykievitcox.com
krukaset.com
theanaloggamers.com
natfrieska.com
medmai.com
beifg.info
update-event.online
gamedaygrip.com
leamonte.com
verdoarts.com
netprocessos.online
dschiinii.com
clientiserviziomysi.info
kenyasafari.tours
classymissyalways.com
sakoeptrans.com
dijongfood.com
yzw092.com
esfemecanica.com
konasin.com
thatperfect.place
ali-hoseini.com
springvillehousing.com
hvnxj.info
medicusfoam.com
gw-aa.com
pendimora.com
Targets
Target: 5c1bbc3ef13f11786c71d2b038ffac9d_JaffaCakes118
Size: 857KB
MD5: 5c1bbc3ef13f11786c71d2b038ffac9d
SHA1: 782901838bef058386683429bde3f10926f226da
SHA256: a925156696d4acad19f9063afbd082d0fccbcca820e262a91e730077705ab2a5
SHA512: e93cf0d6a4ec73b75e28189331fd6b8cc5b5d65706725ff35418727429e50e9f292286e136edc289afd31e585d5f6b436a125a9276dc0659b8987dd9ab6b7ce4
SSDEEP: 12288:XkESTi3VrUwuW1ScWxRL7QZwupHHRi//ASc9VTiukEH:XkESTi3tUrWpWjQyiKDc9VTiukEH

- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Formbook payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext