Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
fb42f621912e72ad30928576e11cd71e_JaffaCakes118
-
Size
752KB
-
Sample
240928-b3al7asfkf
-
MD5
fb42f621912e72ad30928576e11cd71e
-
SHA1
4e0e1d74f0f9c248cb185df8fee16574d08bd251
-
SHA256
98b220e34ccdb30179c1bc8d212e16f6b2cb3825cba7eb68808ea38d74dffc99
-
SHA512
ab7e7895089a4c8d1cf4707279a2eb17f7caa49cbe08a3711326bfac85321164063e716b92116bffd2360a4cb5d8b14ba0d448e9dc2fc519c65b3ff306c244cd
-
SSDEEP
12288:5+w9BG6bWf0fk7hI1obVCgHNHLy7vib9qw/RbgMu6QWAX7h68pASZD1x8dUzvJta:5n9Un0M7hXVFNryDib82RVmWArhJpASg
Behavioral task
behavioral1
Sample
fb42f621912e72ad30928576e11cd71e_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
fb42f621912e72ad30928576e11cd71e_JaffaCakes118
-
Size
752KB
-
MD5
fb42f621912e72ad30928576e11cd71e
-
SHA1
4e0e1d74f0f9c248cb185df8fee16574d08bd251
-
SHA256
98b220e34ccdb30179c1bc8d212e16f6b2cb3825cba7eb68808ea38d74dffc99
-
SHA512
ab7e7895089a4c8d1cf4707279a2eb17f7caa49cbe08a3711326bfac85321164063e716b92116bffd2360a4cb5d8b14ba0d448e9dc2fc519c65b3ff306c244cd
-
SSDEEP
12288:5+w9BG6bWf0fk7hI1obVCgHNHLy7vib9qw/RbgMu6QWAX7h68pASZD1x8dUzvJta:5n9Un0M7hXVFNryDib82RVmWArhJpASg
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3Virtualization/Sandbox Evasion
1