
General

  • Target

    Malware-1.zip

  • Size

    77KB

  • Sample

    240822-svmefsxamj

  • MD5

    17eac32b01798242a64fddbbe3be6ba4

  • SHA1

    4adc8c04e7c3365964d5bd9468f9bff7962412ce

  • SHA256

    371cf9bcf9a3d7b11d5ac386bef9450beac8c66a546fea1ca9cf629cdb751825

  • SHA512

    0df2923d79286539b822459c95f67bb448d0bf4b0f658ce2da866459493a124b8135b3c8e2aa25b50834160acc90c6b6bf7d9401d8a96ba595efa421c0036b8e

  • SSDEEP

    1536:Ykufy0tKCFt2ROXpIF9Y59OSybohv5AsYToeYuerTrwPzgh99hUgMQd1c:YkuaI7b2ROZMKOSN5ATTben8Lg9963QQ

Score
10/10

Malware Config

Extracted

Family

warmcookie

C2

72.5.43.29

Attributes
  • mutex

    a208f030-25f9-4f41-8b57-6b0b7ecccf29

  • user_agent

    Mozilla / 5.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705)
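
The extracted config above is enough to hunt for this sample on other hosts. As an added example (not part of the Triage report, and not the sandbox's own tooling), the Python script below turns those values into a check that matches a file-hash inventory against the three SHA256 values in this report, scans proxy log lines for the C2 address and the configured User-Agent, and compares a handle listing against the mutex. The IOC values are the ones on this page; the tab-separated log format, the file paths, the inventory entries and the mutex listing are constructed for illustration and did not come from the sandbox run.

```python
"""Hunt for the WarmCookie IOCs Triage extracted from sample 240822-svmefsxamj.

Added example, not from the Triage report. IOC values are copied from the
report; every sample input below is constructed for illustration.
"""

# --- IOCs copied from the report --------------------------------------------
IOC_SHA256 = {
    "371cf9bcf9a3d7b11d5ac386bef9450beac8c66a546fea1ca9cf629cdb751825",  # Malware-1.zip
    "68082405a1e0bdf0a6109a0a22f93677bb25b2aba804c77f2536a8090cf1e0d0",  # Run-Malware-1.bat
    "f4d2c9470b322af29b9188a3a590cbe85bacb9cc8fcd7c2e94d82271ded3f659",  # dropped DLL
}
IOC_C2 = {"72.5.43.29"}
IOC_MUTEX = {"a208f030-25f9-4f41-8b57-6b0b7ecccf29"}
# The report renders the UA with spaces around the slash; whitespace is
# collapsed before comparison so either rendering matches.
IOC_USER_AGENT = "Mozilla / 5.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705)"


def _norm_ua(ua: str) -> str:
    """Collapse whitespace and case so formatting differences do not hide a match."""
    return "".join(ua.split()).lower()


def match_hashes(inventory):
    """Return (path, sha256) pairs from a file inventory that hit the report.

    `inventory` is an iterable of (path, sha256) pairs, e.g. an EDR export.
    Hashes are compared case-insensitively.
    """
    return [(path, h) for path, h in inventory if h.strip().lower() in IOC_SHA256]


def scan_proxy_log(lines):
    """Flag proxy log lines that reach the C2 or carry the implant's User-Agent.

    Constructed line format (tab separated, an assumption of this example):
        ts  src_ip  dst_ip  method  url  user_agent
    Returns a list of (line_no, reasons) for every line that matched.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 6:
            continue  # malformed line: skip rather than abort the whole hunt
        _ts, _src, dst, _method, _url, ua = parts
        reasons = []
        if dst in IOC_C2:
            reasons.append("dst matches WarmCookie C2")
        if _norm_ua(ua) == _norm_ua(IOC_USER_AGENT):
            reasons.append("User-Agent matches WarmCookie config")
        if reasons:
            hits.append((n, reasons))
    return hits


def match_mutexes(names):
    """Return handle names whose final path component equals the config mutex.

    Handle listings usually show the full object path
    (\\Sessions\\1\\BaseNamedObjects\\<name>), so only the last component is compared.
    """
    return [m for m in names if m.rsplit("\\", 1)[-1].strip().lower() in IOC_MUTEX]


# --- Constructed sample inputs (not from the sandbox run) ------------------
SAMPLE_INVENTORY = [
    # SHA256 of an empty file: a benign control entry
    (r"C:\Windows\Temp\empty.bin", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    # hypothetical path; hash is the dropped DLL from the report, upper-cased on purpose
    (r"C:\Users\Public\update.dll", "F4D2C9470B322AF29B9188A3A590CBE85BACB9CC8FCD7C2E94D82271DED3F659"),
]

SAMPLE_PROXY_LOG = [
    "2024-08-22T15:43:10Z\t10.0.0.5\t72.5.43.29\tGET\thttp://72.5.43.29/\t"
    "Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705)",
    "2024-08-22T15:43:12Z\t10.0.0.5\t203.0.113.10\tGET\thttp://example.com/\t"
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/127.0",
    "2024-08-22T15:43:15Z\t10.0.0.7\t72.5.43.29\tPOST\thttp://72.5.43.29/\tcurl/8.0",
    "garbage line without the expected columns",
]

SAMPLE_MUTEXES = [
    r"\Sessions\1\BaseNamedObjects\a208f030-25f9-4f41-8b57-6b0b7ecccf29",
    r"\BaseNamedObjects\SM0:1234:304:WilStaging_02",
]


def hunt(inventory=SAMPLE_INVENTORY, log=SAMPLE_PROXY_LOG, mutexes=SAMPLE_MUTEXES):
    """Run all three checks and return one summary dict."""
    return {
        "hash_hits": match_hashes(inventory),
        "proxy_hits": scan_proxy_log(log),
        "mutex_hits": match_mutexes(mutexes),
    }


if __name__ == "__main__":
    for key, value in hunt().items():
        print(key, value)
```

Against the constructed inputs, the hash check flags only the upper-cased DLL hash, the proxy scan flags line 1 on both the destination and the User-Agent and line 3 on the destination alone (the malformed fourth line is skipped), and the mutex check flags the BaseNamedObjects entry. To use it on real data, replace the sample lists with exports of the same shape and adjust the column split in scan_proxy_log to your proxy's log format.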

Targets

    • Target

      Run-Malware-1.bat

    • Size

      88B

    • MD5

      2ee06c41fd75f8fabd7453d3e1240a49

    • SHA1

      02b77c02c6c55b6f40ffc409860c66fda803f39f

    • SHA256

      68082405a1e0bdf0a6109a0a22f93677bb25b2aba804c77f2536a8090cf1e0d0

    • SHA512

      354f4fb40ce5248a68ae8a6dfdabe9476970841de22b875788f8b8ec12b529bd702d18ca9f3a1e13412c68f67a3d7326b2c37fdfa5b63ceffbb3ea85682c204c

    Score
    10/10
    • Warmcookie, Badspace

      Warmcookie aka Badspace is a backdoor written in C++.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Target

      f4d2c9470b322af29b9188a3a590cbe85bacb9cc8fcd7c2e94d82271ded3f659.dll

    • Size

      155KB

    • MD5

      7a799f4f9aa63745a75b901a392aff29

    • SHA1

      b9983463f637191ba12c2270ac52a547676a7037

    • SHA256

      f4d2c9470b322af29b9188a3a590cbe85bacb9cc8fcd7c2e94d82271ded3f659

    • SHA512

      e9eeb340dd620256d543ab43d08ccc23b555afa332c744c629fd8f40760f20a24e234955fc8d2e78a150f09028ca7a11650e0da157fff64833f13ce89a208c23

    • SSDEEP

      3072:0lCt2jrijQEjnMUWzsjhVPbuGHUluQj6vkZD4vP5iZWyLr:QCIrijNMv6XPbr0kuNr

    Score
    10/10
    • Warmcookie, Badspace

      Warmcookie aka Badspace is a backdoor written in C++.

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Matrix

Tasks