Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
fafffb7839b66c453b0b288a7395d359_JaffaCakes118
-
Size
429KB
-
Sample
240927-166lgavcqg
-
MD5
fafffb7839b66c453b0b288a7395d359
-
SHA1
ee4d14b88d5867b76e281479b02aa6a408bd5c73
-
SHA256
b35074f59e31d47d38e52a33547d7db45a915b8d14c6e5f15a297a7da7c6bbdd
-
SHA512
5d08c4e21780a87699e0f7d97323065b3d2c900e4c48fdd2eb99ac806d8b8fdbe4460864c776203bee2b06affe50ce7fb092ce1ea517323ce2a44e3b5f75001c
-
SSDEEP
12288:lLWNgVpWFYLzJOHXiqXki5eBq8GecjwGSROP3kR0lnL:l6NgVpb/J2XiAgBzLgbGskWl
Static task
static1
Behavioral task
behavioral1
Sample
fafffb7839b66c453b0b288a7395d359_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
fafffb7839b66c453b0b288a7395d359_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
fafffb7839b66c453b0b288a7395d359_JaffaCakes118
-
Size
429KB
-
MD5
fafffb7839b66c453b0b288a7395d359
-
SHA1
ee4d14b88d5867b76e281479b02aa6a408bd5c73
-
SHA256
b35074f59e31d47d38e52a33547d7db45a915b8d14c6e5f15a297a7da7c6bbdd
-
SHA512
5d08c4e21780a87699e0f7d97323065b3d2c900e4c48fdd2eb99ac806d8b8fdbe4460864c776203bee2b06affe50ce7fb092ce1ea517323ce2a44e3b5f75001c
-
SSDEEP
12288:lLWNgVpWFYLzJOHXiqXki5eBq8GecjwGSROP3kR0lnL:l6NgVpb/J2XiAgBzLgbGskWl
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3