General

  • Target

    fafffb7839b66c453b0b288a7395d359_JaffaCakes118

  • Size

    429KB

  • Sample

    240927-166lgavcqg

  • MD5

    fafffb7839b66c453b0b288a7395d359

  • SHA1

    ee4d14b88d5867b76e281479b02aa6a408bd5c73

  • SHA256

    b35074f59e31d47d38e52a33547d7db45a915b8d14c6e5f15a297a7da7c6bbdd

  • SHA512

    5d08c4e21780a87699e0f7d97323065b3d2c900e4c48fdd2eb99ac806d8b8fdbe4460864c776203bee2b06affe50ce7fb092ce1ea517323ce2a44e3b5f75001c

  • SSDEEP

    12288:lLWNgVpWFYLzJOHXiqXki5eBq8GecjwGSROP3kR0lnL:l6NgVpb/J2XiAgBzLgbGskWl
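The hashes above are the report's file IOCs. The following is an added example (my own code, not tria.ge's) that checks a file's digests against them and applies a simple marker heuristic for UPX packing, which the report flags for this sample. `SAMPLE` is a constructed stand-in blob, not the real file; the 4 KiB search window and the marker list are my choices, and SSDEEP is left out because it needs a third-party library.

```python
import hashlib

# Hash IOCs exactly as listed in the report's General section (lowercase hex).
REPORT_IOCS = {
    "md5": "fafffb7839b66c453b0b288a7395d359",
    "sha1": "ee4d14b88d5867b76e281479b02aa6a408bd5c73",
    "sha256": "b35074f59e31d47d38e52a33547d7db45a915b8d14c6e5f15a297a7da7c6bbdd",
    "sha512": "5d08c4e21780a87699e0f7d97323065b3d2c900e4c48fdd2eb99ac806d8b8fdb"
              "e4460864c776203bee2b06affe50ce7fb092ce1ea517323ce2a44e3b5f75001c",
}

DIGEST_NAMES = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Compute the same four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGEST_NAMES}


def ioc_matches(data: bytes, iocs: dict) -> list:
    """Names of the digests in `iocs` that match `data` (case-insensitive hex)."""
    computed = digests(data)
    return [n for n, v in iocs.items() if n in computed and computed[n] == v.lower()]


# UPX leaves its section names (UPX0/UPX1) and the "UPX!" signature in the header
# area; a modified UPX build may rename these, so absence proves nothing.
UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX!")


def upx_markers(data: bytes) -> list:
    """Heuristic: which UPX markers appear in the first 4 KiB of the file."""
    head = data[:4096]
    return [m.decode() for m in UPX_MARKERS if m in head]


# Constructed stand-in for a sample: a PE-shaped blob carrying UPX section names.
# It is NOT the file from the report, so its digests will not match REPORT_IOCS.
SAMPLE = (b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 100
          + b"UPX0" + b"\x00" * 36 + b"UPX1" + b"\x00" * 36 + b"UPX!"
          + b"\x00" * 200)

if __name__ == "__main__":
    print(digests(SAMPLE))
    print("IOC matches:", ioc_matches(SAMPLE, REPORT_IOCS))
    print("UPX markers:", upx_markers(SAMPLE))
```

To check a real file, read it with `open(path, "rb").read()` and pass the bytes to `ioc_matches` and `upx_markers`; a full match on all four digests identifies this exact sample, while the UPX markers only say the file was probably packed with an unmodified UPX.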

Malware Config

Targets

    • Target

      fafffb7839b66c453b0b288a7395d359_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.
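Three of the signatures above (Run key persistence, the country-code lookup and the UAC check) all come down to specific registry operations. The example below is added by me and is not tria.ge's rule logic: it runs approximations of those three rules over a constructed, tab-separated registry-activity log of the kind a sandbox records. The log lines, the `RegEvent` record, the rule table and the choice of key and value names (Geo\Nation and LocaleName for the locale check, EnableLUA and ConsentPromptBehaviorAdmin for UAC, Run and RunOnce for persistence) are my assumptions.

```python
import re
from dataclasses import dataclass


@dataclass
class RegEvent:
    op: str        # "read" or "set"
    process: str
    key: str       # full registry path with single backslashes
    value: str     # value name


# Constructed registry activity in a tab-separated "op process key value" layout,
# modelled on what a sandbox records. Sample data for this example only, not
# taken from the report above.
LOG = """\
read\tsample.exe\tHKCU\\Control Panel\\International\tLocaleName
read\tsample.exe\tHKCU\\Control Panel\\International\\Geo\tNation
read\tsample.exe\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\tEnableLUA
set\tsample.exe\tHKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\tUpdater
read\tsample.exe\tHKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\tProductName
set\texplorer.exe\tHKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\tHidden
"""

# (signature name, required operation, key regex, value regex or None).
# My approximations of the three registry-based signatures in the report.
RULES = [
    ("Adds Run key to start application", "set",
     r"\\CurrentVersion\\(Run|RunOnce)$", None),
    ("Checks computer location settings", "read",
     r"\\Control Panel\\International(\\Geo)?$",
     r"^(Nation|LocaleName|iCountry|sCountry)$"),
    ("Checks whether UAC is enabled", "read",
     r"\\Policies\\System$",
     r"^(EnableLUA|ConsentPromptBehaviorAdmin)$"),
]


def parse_log(text: str) -> list:
    """Turn the tab-separated log into RegEvent records, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        op, process, key, value = line.split("\t")
        events.append(RegEvent(op, process, key, value))
    return events


def match_rules(events: list) -> list:
    """Return (signature, process, key\\value) for every event that trips a rule."""
    hits = []
    for ev in events:
        for name, op, key_re, val_re in RULES:
            if ev.op != op or not re.search(key_re, ev.key, re.IGNORECASE):
                continue
            if val_re and not re.match(val_re, ev.value, re.IGNORECASE):
                continue
            hits.append((name, ev.process, ev.key + "\\" + ev.value))
    return hits


def triggered_signatures(events: list) -> list:
    """Distinct signature names in the order they first fire."""
    seen = []
    for name, _, _ in match_rules(events):
        if name not in seen:
            seen.append(name)
    return seen


if __name__ == "__main__":
    evs = parse_log(LOG)
    for hit in match_rules(evs):
        print(hit)
    print(triggered_signatures(evs))
```

Note that the persistence rule requires a write: a process merely reading the Run key (explorer.exe does this constantly) must not fire it, and the location and UAC rules only make sense as reads. On a live host the same checks translate to auditing the Run keys and EnableLUA value directly; registry reads are not logged by Sysmon, so the locale lookup is only visible in a sandbox or API-level trace.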

MITRE ATT&CK Enterprise v15

Tasks