Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
Target: e3095c7f50ad6559e8aa569390c1fa94_JaffaCakes118
Size: 420KB
Sample: 240915-v7prfsvdjb
MD5: e3095c7f50ad6559e8aa569390c1fa94
SHA1: e79ac8e78b26dee69a424325932e33cbe41c779e
SHA256: 30fbbb57213f860b61302762e7a6febcd16b1ce982c57be120fc92436f40eda2
SHA512: fcde747c26d38e196647ce2f74649459ea2c911e1fa1d9c164b5b941bf683cb90b1b9a68d9611db355fa79cc5d3b130e235dc17033271177a775d1f8d4600362
SSDEEP: 12288:JZUvtaGX86HF/vpF8MdvXV2fm9r3EAVF57ZV13:Jlidl/vAcAe13EAZZ/3
Static task: static1
Behavioral task: behavioral1
  Sample: e3095c7f50ad6559e8aa569390c1fa94_JaffaCakes118.ps1
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: e3095c7f50ad6559e8aa569390c1fa94_JaffaCakes118.ps1
  Resource: win10v2004-20240802-en
Malware Config
Extracted
Family: formbook
Version: 3.9
Campaign: pm
Targets
Target: e3095c7f50ad6559e8aa569390c1fa94_JaffaCakes118
Signatures
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access or copy of web browser credential store.
- Formbook payload
- Adds policy Run key to start application
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)