Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
0e6be27558672adbfabd67ef09d9625c_JaffaCakes118
-
Size
694KB
-
Sample
240625-rtywesvgmd
-
MD5
0e6be27558672adbfabd67ef09d9625c
-
SHA1
8fde57f028fc7015bbc56db7134559dd6b468472
-
SHA256
ce7b78e13a183be104074b4d2420a3959ca8d3e2443a4f6710f33c355f45166e
-
SHA512
5f246b0de058ce40be5a1c07f3c8b545af2cd40a8493d8bc4acf9fb998be98218f079e36692d5c8bfba36aecb95a26533f37d5f042d6c6d913f9147de12d3a03
-
SSDEEP
12288:493HSUtcFYt+mjYB4X7mnNBdsbXzujiq8Ww1hgeQ0pfmCDPd8MKQuTJk:a3r4KhX65sbju+08gJwjxvuNk
Static task
static1
Behavioral task
behavioral1
Sample
0e6be27558672adbfabd67ef09d9625c_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
0e6be27558672adbfabd67ef09d9625c_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
0e6be27558672adbfabd67ef09d9625c_JaffaCakes118
-
Size
694KB
-
MD5
0e6be27558672adbfabd67ef09d9625c
-
SHA1
8fde57f028fc7015bbc56db7134559dd6b468472
-
SHA256
ce7b78e13a183be104074b4d2420a3959ca8d3e2443a4f6710f33c355f45166e
-
SHA512
5f246b0de058ce40be5a1c07f3c8b545af2cd40a8493d8bc4acf9fb998be98218f079e36692d5c8bfba36aecb95a26533f37d5f042d6c6d913f9147de12d3a03
-
SSDEEP
12288:493HSUtcFYt+mjYB4X7mnNBdsbXzujiq8Ww1hgeQ0pfmCDPd8MKQuTJk:a3r4KhX65sbju+08gJwjxvuNk
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1