General

Target: 3c99963b30c3cda4768b8d99c80e62d1_JaffaCakes118
Size: 382KB
Sample: 240712-j1qjmaxdpb
MD5: 3c99963b30c3cda4768b8d99c80e62d1
SHA1: a7a4cb67e4b5d142e91ead6fda3e04c8246073ca
SHA256: 363b8d8183cd26fe4217577d5adcf51ba4fc94c72f59bf472e42f6a2a2de3561
SHA512: b4d5fee14d1d61a03b3126f874af0945f5e814a6ff74f9ce22f08f142c3f113fa5564aed8e75adf41d055af69819e124a3cb5f686e352bd79c340c3e5977d014
SSDEEP: 6144:rEDajNuJjujoeSP4SY5fl2+dGYAo9RK1gz9Koc7yQfcO4bcfS4KZR/3/An2a9pzu:I2KeSP4SY5fl2+dGYAo9RK1gz9Koc7yJ
Static task: static1

Behavioral task: behavioral1
Sample: 3c99963b30c3cda4768b8d99c80e62d1_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 3c99963b30c3cda4768b8d99c80e62d1_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config

Targets

Target: 3c99963b30c3cda4768b8d99c80e62d1_JaffaCakes118
Size: 382KB
Score: 10/10

ModiLoader (also tracked as DBatLoader)
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
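Two of the signatures above are plain registry reads and writes that can be checked on a suspect host without the sandbox. The script below is an added triage example, not code from the tria.ge report or from the ModiLoader/DBatLoader sample: it reads the value a registry-based geofence consults (HKCU\Control Panel\International\Geo\Nation, the user's GeoID), then enumerates the Run/RunOnce autostart keys, flags entries whose target lies outside Program Files or the Windows directory, and compares each existing target's SHA256 with the sample hash from this report. The list of Run keys, the "expected roots" allowlist and the helper name Get-CommandExePath are illustrative assumptions; it assumes Windows 7 or later with PowerShell 4+ (for Get-FileHash).

```powershell
# Added example (not from the tria.ge report or the sample): host-side checks for the
# "Checks computer location settings" and "Adds Run key to start application" behaviours.
# Assumptions: runs as the logged-on user, PowerShell 4+; $expectedRoots is an illustrative allowlist.

# 1. The value a registry geofence reads: Geo\Nation holds the GeoID (e.g. 244 = United States).
#    Geo\Name (ISO 3166 code) exists only on newer Windows 10 builds and is $null elsewhere.
$geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
if ($geo) {
    Write-Host ("Geo\Nation = {0}  Geo\Name = {1}" -f $geo.Nation, $geo.Name)
}

# 2. Run / RunOnce autostart entries.
$reportSha256 = '363b8d8183cd26fe4217577d5adcf51ba4fc94c72f59bf472e42f6a2a2de3561'  # from this report
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Assumed allowlist of directories a legitimate autostart target is expected to live under.
$expectedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:windir) | Where-Object { $_ }
# Metadata properties Get-ItemProperty adds to every result; these are not registry values.
$psMeta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSProvider', 'PSDrive')

function Get-CommandExePath([string]$cmd) {
    # Hypothetical helper: take the quoted token if present, else the first whitespace-delimited
    # token, then expand %VAR% references so the path can be tested on disk.
    if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($cmd.Trim() -split '\s+', 2)[0] }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in $psMeta) { continue }
        $cmd = [string]$p.Value
        $exe = Get-CommandExePath $cmd
        $inExpected = $false
        foreach ($root in $expectedRoots) {
            if ($exe.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { $inExpected = $true; break }
        }
        $note = if ($inExpected) { '' } else { '  <-- target outside Program Files / Windows' }
        Write-Host ("{0}\{1} = {2}{3}" -f $key, $p.Name, $cmd, $note)
        # Hash the target if it exists and compare with the sample from this report.
        if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
            if ($hash -ieq $reportSha256) { Write-Host '    SHA256 matches the sample in this report' }
        }
    }
}
```

Run it in the security context whose Run key is suspected (HKCU keys are per user). A target outside the allowlisted roots is a lead, not a verdict; confirm with the hash comparison or by submitting the file for analysis.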
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)