Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
358393682ba7a3ac9e63d0b9faa15178_JaffaCakes118
-
Size
1.1MB
-
Sample
240710-t1lksazhmc
-
MD5
358393682ba7a3ac9e63d0b9faa15178
-
SHA1
58656237e8d2299017bdcc15b4e5afda9074bf82
-
SHA256
64c18cbee94fc9cb7a4978f908c79356433f3c6091a928654ea8555367fb0ca0
-
SHA512
1739b80728187a3584eedc426498daafed943b12bb320f86bc5a23522485f9651b72581ffec7c9d7d8270e97504f9af20311156908d1309f960eb919213fd1de
-
SSDEEP
24576:cHvZT0d//nI2VA6hX5pdoHPPuRMp4uwUTVZKXGUWikDYRBTCr8A:kBTynImBc3AM8isGoICBTCr8
Static task
static1
Behavioral task
behavioral1
Sample
358393682ba7a3ac9e63d0b9faa15178_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
358393682ba7a3ac9e63d0b9faa15178_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
Protocol: ftp- Host:
ftp.drivehq.com - Port:
21 - Username:
homecomming
Targets
-
-
Target
358393682ba7a3ac9e63d0b9faa15178_JaffaCakes118
-
Size
1.1MB
-
MD5
358393682ba7a3ac9e63d0b9faa15178
-
SHA1
58656237e8d2299017bdcc15b4e5afda9074bf82
-
SHA256
64c18cbee94fc9cb7a4978f908c79356433f3c6091a928654ea8555367fb0ca0
-
SHA512
1739b80728187a3584eedc426498daafed943b12bb320f86bc5a23522485f9651b72581ffec7c9d7d8270e97504f9af20311156908d1309f960eb919213fd1de
-
SSDEEP
24576:cHvZT0d//nI2VA6hX5pdoHPPuRMp4uwUTVZKXGUWikDYRBTCr8A:kBTynImBc3AM8isGoICBTCr8
Score10/10-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-