General
Target: 671dc61740c13b2f4be45f74383472fd_JaffaCakes118
Size: 1.2MB
Sample: 240723-lzlkdszdne
MD5: 671dc61740c13b2f4be45f74383472fd
SHA1: 29d302edc1887cb0b94246ed1252cb17ef185a4a
SHA256: a06eed8209ef414d452fa00ab3cd021ef75ecc1eda22694bfbdde21f0dd8ec2d
SHA512: 4dc9c9454ac1db2dfa9b6cbdb111c73c08969c8fb40e898577294f3dd3560f8853884ad1abc374d2d1f33bc6fa4f32f8113d95f4f75307d3322df51289a091a9
SSDEEP: 24576:rmUq5++3ZMzuaUKub/0V6fr4k1EPhJ7af6PUpYM+yP0L2N:r85++pMDUKubsO4cghDeYMz0L2N
Static task: static1
Behavioral task: behavioral1
  Sample: 671dc61740c13b2f4be45f74383472fd_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 671dc61740c13b2f4be45f74383472fd_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: 009613123
Targets
Target: 671dc61740c13b2f4be45f74383472fd_JaffaCakes118
Score: 10/10

Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Adds Run key to start application

Drops file in System32 directory