General
Target: ea2729d917d24f794e57dc27a5edbb6d_JaffaCakes118
Size: 305KB
Sample: 240918-2789esyclk
MD5: ea2729d917d24f794e57dc27a5edbb6d
SHA1: 4acbd39f6c95793feb9c7e52f256274aa8c02e80
SHA256: 184365416efed1893465d9c1dc0e59aab43f3b6dba54e7e51434ed240c43799b
SHA512: 8d9a5d455dbd4e71a5a642a2dff2701fb9fecde0c875e17980533496ae4d9adc845ea3bf930cb3c03c9bd455bc40d444f827b500bb185d99baceaf258ac26f96
SSDEEP: 6144:l+/8yFfrs5dxZaxISwaFuW+RikI0hRDfcdD6k2fRFtYbG3B1EVa7wchNHi7HrD/:l+/xFWdHaFj+RpI0bD0dDupFtYbGrqxr
Static task: static1
Behavioral task: behavioral1
  Sample: ea2729d917d24f794e57dc27a5edbb6d_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: ea2729d917d24f794e57dc27a5edbb6d_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted
Family: formbook
Version: 3.8
Campaign: hx211
C2 domains:
benriya-gucci.net
rakecare.ltd
dentalrenaissance.net
filmaporter.com
www284234.com
gnjacnheating.com
bzjxbzsb.com
977zzi.info
zfur.ltd
codingsir.com
test-testin424dgd.com
from-france-with-love.wine
new-igrovyeavtomatiwulcan.com
alexisandtim.com
oneconvey.com
vanhavadurumu.com
perthshirescotland.com
xp666.ink
amywrightportfolio.com
teicoma.com
hqdcsc.com
beststatusinhindi.com
mattresscouponsite.live
xn--1nqz3th0c.com
clubdascasadas.site
juicedigital.social
rozbieramy.com
sgpst.com
shopdiscountdd.com
simplyncial.com
uniontheaterdepartment.com
86gladman.com
jajcoo.com
lqmlc.com
melhordofutebol.com
kdpmarketing.com
chinwagdesigns.net
mixsite.net
fisiomednetwork.com
lacostentx.com
pneus-bruxelles.com
912ohi.info
drdragana.com
thirdlinegroup.com
dailynicksv2.net
blakecschmidt.com
bcg.business
findingourspot.com
777ur.com
y5bgeeolz8uq.biz
743ope.com
desmitskesunplugged.com
metalrafmanisa.com
ripplemeter.info
xnutefvfpg.info
jiaxianginternal.com
veganportal.site
synchrolean.info
heima98.com
elizabethgu.com
yilianchehui.com
simpleesmejor.com
hechudai.com
g197.info
subducker.info
Targets
Target: ea2729d917d24f794e57dc27a5edbb6d_JaffaCakes118
Size: 305KB
MD5: ea2729d917d24f794e57dc27a5edbb6d
SHA1: 4acbd39f6c95793feb9c7e52f256274aa8c02e80
SHA256: 184365416efed1893465d9c1dc0e59aab43f3b6dba54e7e51434ed240c43799b
SHA512: 8d9a5d455dbd4e71a5a642a2dff2701fb9fecde0c875e17980533496ae4d9adc845ea3bf930cb3c03c9bd455bc40d444f827b500bb185d99baceaf258ac26f96
SSDEEP: 6144:l+/8yFfrs5dxZaxISwaFuW+RikI0hRDfcdD6k2fRFtYbG3B1EVa7wchNHi7HrD/:l+/xFWdHaFj+RpI0bD0dDupFtYbGrqxr
Signatures
Credentials from Password Stores: Credentials from Web Browsers
  Malicious access or copy of web browser credential store.
Formbook payload
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext