
Resubmissions

  • 28/10/2024, 17:19: 241028-vv4pvathne (score 10)
  • 17/08/2024, 01:20: 240817-bp9jcsyfkd (score 8)

General

  • Target: 59b7b8d29252a9128536fbd08d24375f.bin
  • Size: 79KB
  • Sample: 241028-vv4pvathne
  • MD5: 4652ddba01232a4e9baca5936913d42a
  • SHA1: daddabc9e73c490e3eb23c288fda28942fc8efb6
  • SHA256: 3c71282d1c53a16d7ac1687e0288801a062dde870c07aba9f23f6b962d537f9f
  • SHA512: ad16831eb5e7e53f118f896e06f027aabe13ef5e51106c1d6a2a96c941838c74d50ab0964dd1d6352e622fbb950b40fc858037c1de63eaeef441f2f3c5db1412
  • SSDEEP: 1536:ReO+mbllkkxPYU1lFbHdqFEobR0MLhbmnGlHO4y23i3eauALGn0DcbwH2HevpsxA:3+mNx7lJ9q++0MknGqzq32ckH2Hevf

Score: 10/10

Malware Config

Extracted

  • Family: warmcookie
  • C2: 72.5.43.29
  • Attributes
    • mutex: 7d0cec31-c3bc-4593-ad4a-8c140904383e
    • user_agent: Mozilla / 5.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705)

Targets

    • Target: b7aec5f73d2a6bbd8cd920edb4760e2edadc98c3a45bf4fa994d47ca9cbd02f6.exe
    • Size: 155KB
    • MD5: 59b7b8d29252a9128536fbd08d24375f
    • SHA1: 7221b9125608a54f9dd706166f936c16ee23164a
    • SHA256: b7aec5f73d2a6bbd8cd920edb4760e2edadc98c3a45bf4fa994d47ca9cbd02f6
    • SHA512: 70431e0bf3759194cd50f6b567f6de7c908d13a444d14e7b35edf10fd88f16e6fe8bf0899307c7215f1ee80ff8e5909211864f4184053d9fa5bf9ec22b1d9cd4
    • SSDEEP: 3072:0lCt2jrijQEjnMUWzsjhVPbuGHUluQj6vkZD4vP5iZWyPr:QCIrijNMv6XPbr0kulr

    Score: 10/10

    • Warmcookie family
    • Warmcookie, Badspace: Warmcookie aka Badspace is a backdoor written in C++.
    • Blocklisted process makes network request
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Matrix

Tasks