General

  • Target

    07bf062b4234d1d8a75da19c32785a90_JaffaCakes118

  • Size

    185KB

  • Sample

    241001-2ss9navajj

  • MD5

    07bf062b4234d1d8a75da19c32785a90

  • SHA1

    9537d62e35ab43da946042fca1de559f21d83cea

  • SHA256

    e263952f8b0f5f64e08a836103186b6c67ab3ba09f930594cd2b6d78b9c5a850

  • SHA512

    e4163ac36511431e32de7ab1f228e24a42221aae602082e984b44b076a20f4c749a89885966a185338dff82fe553880cafe380a1f503a3f13db3e76e6eed4793

  • SSDEEP

    3072:3SDjnyWx0Q71atpzkkbrC71xw8KExf71lc3Y8lDAtGo449GHIe/odXmQK9j:yjnyKwfK71b9Be3l5AkT4et/kXXK1

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.