General
-
Target
540b207df76a3bb1b7a89648a8eb8ee4_JaffaCakes118
-
Size
2.3MB
-
Sample
241017-2dl7sszgqd
-
MD5
540b207df76a3bb1b7a89648a8eb8ee4
-
SHA1
5382bd353fb554b03402c7c44f60354f6a00c515
-
SHA256
e8dab01f1dd1c9f73e5e51b0868420fd5a848ebaf72086b187b50b7128bd6a11
-
SHA512
ccddcbe8c37e889f06539e474c4fc6fd747679a774d8625447884d4b83cc843d02a297df06e190ed3490cd37d12ce7eda0603a3506b251d39d1c3bddf7cfc6e1
-
SSDEEP
49152:SG2M6/n24tu5PYM66TTRTTiTT9AlrlUDnl47Le96ETTTTjlMz:SnofJEiB2n2wCz
Static task
static1
Behavioral task
behavioral1
Sample
540b207df76a3bb1b7a89648a8eb8ee4_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
540b207df76a3bb1b7a89648a8eb8ee4_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
540b207df76a3bb1b7a89648a8eb8ee4_JaffaCakes118
Score
9/10
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-