General
Target: bb03b10baf2a57da73cea2968c1459ff_JaffaCakes118
Size: 2.6MB
Sample: 240823-kgetfswgjn
MD5: bb03b10baf2a57da73cea2968c1459ff
SHA1: e516378a4cb476f575f4756a03515b01fcda99fc
SHA256: 0b2a54ab233f2ceeaf4c3910255c73c3c41099c4985e18a9b05a97d1897a5432
SHA512: 86863a73b2ac22aff51bf07151876a22d76eae505be3e169928c4ab5cc48692e5aa388c83220b3325896104a231c9fe13aecebd8eee5a172f410c65a86289cb1
SSDEEP: 49152:+eDhdWcQf/muKeyy+T8ykmJ6k25c2UCmTbWS/dn/cnOMCoAeZNlnFL/Kwbm:7bzeyWykaN9dz1nUOMC1MLn1/Rm
Static task: static1
Behavioral task: behavioral1
Sample: bb03b10baf2a57da73cea2968c1459ff_JaffaCakes118.exe
Resource: win7-20240729-en
Malware Config
Targets: bb03b10baf2a57da73cea2968c1459ff_JaffaCakes118 (2.6MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger