General
Target: 61f8393443b355fa43bd7a711f352f66_JaffaCakes118
Size: 720KB
Sample: 240722-abgqra1fnh
MD5: 61f8393443b355fa43bd7a711f352f66
SHA1: 3284d9ba9468134c0e2aaf0637e84b0234bee32b
SHA256: 21aee5f92b6ac186fd13514487fc391cd68f94b1f635ae927a839d48cb11177c
SHA512: 194a42550503071d3d797ae3556ce89baa9c52f3f00fd95c5b27ab93cb35d6dff31629215bdc9aad3f6bae80ad9165d4fa11494f6475ff24ad3008b16628a0ba
SSDEEP: 12288:aQafdzxX8Z13ZPL87UMs+GhrFqH6Yn2RPBGVpcIgqkyICuhFMURhZzSWJS:ydzxOr87UMs+GNFg6YnQPB+eN9CgMyZu
Static task
static1
Behavioral task
behavioral1
Sample
61f8393443b355fa43bd7a711f352f66_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
61f8393443b355fa43bd7a711f352f66_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
Score: 9/10

Detected NirSoft tools
Free utilities often used by attackers, which can steal passwords, product keys, etc.

NirSoft MailPassView
Password recovery tool for various email clients.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Deletes itself

Accesses Microsoft Outlook accounts

Suspicious use of SetThreadContext