Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    a9bd5add6be1e16bb6e2345c63027767_JaffaCakes118

  • Size

    629KB

  • Sample

    240819-fzr5aazckm

  • MD5

    a9bd5add6be1e16bb6e2345c63027767

  • SHA1

    cb381752e3381289fa51c54a52962a0675e6c5ea

  • SHA256

    d70c44503c2b35efc6ae5c05b113f02929711e1eeb0b965d554dc8d5692ccec6

  • SHA512

    edaffe0d63b9b0afcbbc6d86622a0de32998087bbf248537e232feb2b71a4657e1b8a151c79a9f6724923ed813f3a20ba601c315c2710fb4b18678dac974d54a

  • SSDEEP

    12288:tUNe0Jcr6gl5XW0s9QQoZ1jKBE1ptF3Z4mxxgoEtlK+kt9T2MIukPtd+:tvKcrH5E9QQoZYBEztQmX5GN5P6

Malware Config

Targets

    • Target

      a9bd5add6be1e16bb6e2345c63027767_JaffaCakes118

    • Size

      629KB

    • MD5

      a9bd5add6be1e16bb6e2345c63027767

    • SHA1

      cb381752e3381289fa51c54a52962a0675e6c5ea

    • SHA256

      d70c44503c2b35efc6ae5c05b113f02929711e1eeb0b965d554dc8d5692ccec6

    • SHA512

      edaffe0d63b9b0afcbbc6d86622a0de32998087bbf248537e232feb2b71a4657e1b8a151c79a9f6724923ed813f3a20ba601c315c2710fb4b18678dac974d54a

    • SSDEEP

      12288:tUNe0Jcr6gl5XW0s9QQoZ1jKBE1ptF3Z4mxxgoEtlK+kt9T2MIukPtd+:tvKcrH5E9QQoZYBEztQmX5GN5P6

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks