General

  • Target

    0e6be27558672adbfabd67ef09d9625c_JaffaCakes118

  • Size

    694KB

  • Sample

    240625-rtywesvgmd

  • MD5

    0e6be27558672adbfabd67ef09d9625c

  • SHA1

    8fde57f028fc7015bbc56db7134559dd6b468472

  • SHA256

    ce7b78e13a183be104074b4d2420a3959ca8d3e2443a4f6710f33c355f45166e

  • SHA512

    5f246b0de058ce40be5a1c07f3c8b545af2cd40a8493d8bc4acf9fb998be98218f079e36692d5c8bfba36aecb95a26533f37d5f042d6c6d913f9147de12d3a03

  • SSDEEP

    12288:493HSUtcFYt+mjYB4X7mnNBdsbXzujiq8Ww1hgeQ0pfmCDPd8MKQuTJk:a3r4KhX65sbju+08gJwjxvuNk

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks