Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
93s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
15/06/2024, 09:13
General
-
Target
adb4871da80855607760738d9d7670c2_JaffaCakes118.exe
-
Size
904KB
-
MD5
adb4871da80855607760738d9d7670c2
-
SHA1
07c6d131acd72cb8cc68e51905fdf1a7ef3b92d1
-
SHA256
e5e84f76ada6cdc1d014815b75a2508fbeba5a08372bd1d027b987295ef654a9
-
SHA512
cc40c80aa2acc06e8085e793c4bb715625626dbc78deed45e17b2417393330a38a2aa268d6d95686d50e40a94433e8f7d651d889eab5dd94572bcbc334004c67
-
SSDEEP
24576:eNcBtkZXdep+UH2FZtzyVSHkZcQt6SRHMbP:5eu+UWFPe8evdsbP
Malware Config
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader First Stage 3 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\adb4871da80855607760738d9d7670c2_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\adb4871da80855607760738d9d7670c2_JaffaCakes118.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\msdos.scr"C:\Users\Admin\AppData\Local\Temp\msdos.scr" /S2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1010KB
MD5443ac263ce403bc1233f82b1ecdcd33a
SHA1baaf21d078f9de6ec0b16b17c9b9e3240352164a
SHA2569743874e33d5932c767cedea36218005b47204eabd57d00882245dd72ebf4fda
SHA512b70f30a65bcf439ab6bafadabdbf92c7c864fe02308da6c5264c3f2e7a125d16d0791dd3f8fe0352f21d5cea55a70a2aa6bdd7c3316707b65958dd7b2926efb1
-
Filesize
514KB
MD555d29aedcaa8857c64b606d367c560b5
SHA102d6cb238a3ae15e9a8c1178d5d63d437b6f798c
SHA2563870b801527efb88b26364ac518c682ebb5593096efb26b609be56737767d731
SHA51238bbd1ef87d754ae06f0e44e0c7d065b5044aa666fa9e4e8fb0d9e390a8861a6ce4bd2b15d1c47d9c1a9bf0dc4701b5aeed2116963c2d451c9ff0b5553a86f39
-
Filesize
4KB
-
Filesize
536KB
-
Filesize
536KB