General
-
Target
82be041cedd77581f5c13d52677da88c_JaffaCakes118
-
Size
247KB
-
Sample
240530-cqdnrabh69
-
MD5
82be041cedd77581f5c13d52677da88c
-
SHA1
90a60cb111950182f4146a89f302cf6a9d577166
-
SHA256
c2f3423a5056730c54508416ff033bd1d9c8041e56d38487434ad2e8b4a4ccd2
-
SHA512
a2655fc7eb5766d5868b62749463b690b8bfa5bf0653cc1c2c8b5bb6038dbed750e6e69d7a0e50393b38b8460b5d99e452be1648c2d56221d6892cbed74ad5c4
-
SSDEEP
3072:UgStcTn1twGbPUEl77skn1JfO1VgB9yT5OWfHQyomJrB/qVYJfjOsTVaLFh:UgStyUJkn15rQT5OMw3mJrB/45WVWv
Behavioral task
behavioral1
Sample
82be041cedd77581f5c13d52677da88c_JaffaCakes118.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
82be041cedd77581f5c13d52677da88c_JaffaCakes118.dll
Resource
win10v2004-20240426-en
Malware Config
Extracted
cobaltstrike
0
http://37.252.15.241:80/match
-
crypto_scheme
256
-
host
37.252.15.241,/match
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
pipe_name
\\%s\pipe\msagent_%x
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDmyW6bqevjWW6DZ6+3cuzxxXBe/IOO5SymlXvl9rws8PkzeMLyzwmJ2JccNm3Z1aOCMeOnht3A5gXbRI+GX7UyXWRxkliGOdBfRW7Oa0Q5CGAxmy2f1WzbbbvEA29nz+EfIlDFmr0h8dfyyrCnsrhjtLpEcGY9HeENppg1VNdLkwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSMSE)
-
watermark
0
Targets
-
-
Target
82be041cedd77581f5c13d52677da88c_JaffaCakes118
-
Size
247KB
-
MD5
82be041cedd77581f5c13d52677da88c
-
SHA1
90a60cb111950182f4146a89f302cf6a9d577166
-
SHA256
c2f3423a5056730c54508416ff033bd1d9c8041e56d38487434ad2e8b4a4ccd2
-
SHA512
a2655fc7eb5766d5868b62749463b690b8bfa5bf0653cc1c2c8b5bb6038dbed750e6e69d7a0e50393b38b8460b5d99e452be1648c2d56221d6892cbed74ad5c4
-
SSDEEP
3072:UgStcTn1twGbPUEl77skn1JfO1VgB9yT5OWfHQyomJrB/qVYJfjOsTVaLFh:UgStyUJkn15rQT5OMw3mJrB/45WVWv
Score 1/10