General

  • Target

    22ba2b09232063ed9024695892bc3df6_JaffaCakes118

  • Size

    180KB

  • Sample

    240703-r42p3atdnc

  • MD5

    22ba2b09232063ed9024695892bc3df6

  • SHA1

    a801a6059bb52cc319e44ee20b0a688834330dd7

  • SHA256

    8fd93468fbf05c143de9ba9b650650adcda5052a8cf21e221aee638e48d30db2

  • SHA512

    b0e1b9d0146de22f76b2ea70ef6c7b10fab63e2450c4d608fcd347419fdea32aecd81109fcb61e293e5d189e9aad05311186898b47b97d455cf2214844d7e9e1

  • SSDEEP

    3072:QU/RXziYR2PfTA0Nxjls+lywSQBv6+FVJiInJ3hwxCJ9JDiRjiBRRNbNsV33:QU/ZOS2PfRzlTyAP5xhwxCJnmRjslbkn

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Impair Defenses: Safe Mode Boot

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks