Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
de84530009912a5260cbd8c198ef8a52_JaffaCakes118
-
Size
382KB
-
Sample
240913-venzfsybka
-
MD5
de84530009912a5260cbd8c198ef8a52
-
SHA1
3b2accb32484872b7fe482d69c66d25da1e9f81f
-
SHA256
ce884833bd49fcbba71468d1d6dbe33cae593e30655e5be56045d28e5ba69101
-
SHA512
af8120ba4ac440bc5636eef9901e09e8205c03ce2d85b259075b3d6d20bbeb4de82d1010a90a7c21e3a52d1da97201a072ac3f3cb02e1ed3f0a0630fb431ad06
-
SSDEEP
6144:KG377xS2Vp2CeiorXhwTBOz539pcCJJvHFU2qLn0Xlz2u8dNGiOi:Zr7xS2Vp6FwTKbJJvHF1X1ZQoi
Behavioral task
behavioral1
Sample
de84530009912a5260cbd8c198ef8a52_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
de84530009912a5260cbd8c198ef8a52_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
de84530009912a5260cbd8c198ef8a52_JaffaCakes118
-
Size
382KB
-
MD5
de84530009912a5260cbd8c198ef8a52
-
SHA1
3b2accb32484872b7fe482d69c66d25da1e9f81f
-
SHA256
ce884833bd49fcbba71468d1d6dbe33cae593e30655e5be56045d28e5ba69101
-
SHA512
af8120ba4ac440bc5636eef9901e09e8205c03ce2d85b259075b3d6d20bbeb4de82d1010a90a7c21e3a52d1da97201a072ac3f3cb02e1ed3f0a0630fb431ad06
-
SSDEEP
6144:KG377xS2Vp2CeiorXhwTBOz539pcCJJvHFU2qLn0Xlz2u8dNGiOi:Zr7xS2Vp6FwTKbJJvHF1X1ZQoi
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3