General

  • Target

    l.js

  • Size

    747KB

  • Sample

    250125-z1jn3szpgy

  • MD5

    97835729c58cae6501e9b3a3776e9906

  • SHA1

    63012f62e00a491b83adaba8804d890ac809490a

  • SHA256

    a75cab3593ad35620817235a9bd7938c7adaa8b3ce12a2da20e3e145ac304346

  • SHA512

    0ed5d7c90dbb260a732dd990d40a69f0997f8390db0a4cecc18349965e052e13ff8f5ecb709b95b176cc7e3686fbb08775e4b97b2253aa7aef9a1212607e8964

  • SSDEEP

    12288:q/VoiDR8Cx2ouvoqEZTwXasSNKF+uV6VBEx2:q/Vok2tI+w

Malware Config

Extracted

Family

warmcookie

C2

149.248.58.85

Attributes

  • mutex

    3e4d7a5b-aa72-4d5f-8f8c-b292257af55c

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0

Targets

    • Target

      l.js

    • Warmcookie family

    • Warmcookie, Badspace

      Warmcookie aka Badspace is a backdoor written in C++.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Deobfuscate/Decode Files or Information

      Payload decoded via CertUtil.

MITRE ATT&CK Enterprise v15