General

  • Target

    e23d36c1d78e7a26173d92e7d46b6050_JaffaCakes118

  • Size

    934KB

  • Sample

    240915-l8p9yaybmg

  • MD5

    e23d36c1d78e7a26173d92e7d46b6050

  • SHA1

    9ec176a6afaaac7868524db6bc30740b2c106a39

  • SHA256

    7348733839473285ae7860e7039c626d5ac5ce528230c7fc33911e3d89992ea2

  • SHA512

    3c3c3e13d58a119a7e4757e7843e62736f22249a2a1357ac9ba39e9cff7fd0e6224479c336e815d4446ff429f3fd48e9e21ddcce7f512b1e67f99b9eaf280a5e

  • SSDEEP

    12288:S7oA4UawsXCVX1SQ83hdeZqX9IUOty4dRqolkBfCej/WiLDpzEJeyynoKJ92jphQ:sovS9wV3uqyUY3eBv7WO3Xorp+F

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
