General
- Target: 30eb887abe4f94ad405d99aa280ba6b3_JaffaCakes118
- Size: 395KB
- Sample: 241010-va8s3a1epn
- MD5: 30eb887abe4f94ad405d99aa280ba6b3
- SHA1: 768fc5f3153c6c75e9d5997b7d81dcf994295647
- SHA256: 07df26ad63c2611db4f3290fb475d895e15a919c950f9fa200556fad9033ec22
- SHA512: 34d2c476ed4f9f5f856304c1e012bff2d59dd847c413981c3dfe391a828848b5b764c31575e07540159991665e1088a19b693a439e0e37165e49c7853a90a38b
- SSDEEP: 12288:ALVkhU8/+BWnVkouhKz0gN7dnJe0hcBNYxv:ALWL+wVkf80sJem6Yh
Behavioral task: behavioral1
- Sample: 30eb887abe4f94ad405d99aa280ba6b3_JaffaCakes118.exe
- Resource: win7-20241010-en
Malware Config
Targets
- Target: 30eb887abe4f94ad405d99aa280ba6b3_JaffaCakes118 (395KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10

Signatures
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext (an API pattern commonly associated with process hollowing and thread-context hijacking; the report records the call, not the injected payload)
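The signature list above is only useful once you are sure the file in front of you is this sample, and the "AutoIT Executable" verdict is easy to reproduce locally. The following script is an added example written for this page, not tooling from tria.ge: it recomputes the four hashes the report lists and compares them, does a minimal MZ/PE sanity check, and looks for the compiled-AutoIt markers (the "AU3!EA06" tag that most public YARA rules key on, optionally preceded by the 16-byte EA06 resource magic). The stand-in sample it builds when run without a path is constructed here and is not the real file; the function names and the `REPORT_HASHES` dictionary are this example's own.

```python
import hashlib

# Hashes copied from the Triage report above. The real sample is not embedded here.
REPORT_HASHES = {
    "md5": "30eb887abe4f94ad405d99aa280ba6b3",
    "sha1": "768fc5f3153c6c75e9d5997b7d81dcf994295647",
    "sha256": "07df26ad63c2611db4f3290fb475d895e15a919c950f9fa200556fad9033ec22",
    "sha512": "34d2c476ed4f9f5f856304c1e012bff2d59dd847c413981c3dfe391a828848b5b"
              "764c31575e07540159991665e1088a19b693a439e0e37165e49c7853a90a38b",
}

# Markers of a compiled AutoIt v3 script embedded in a PE: the 16-byte EA06 resource
# magic, followed by the "AU3!EA06" tag. The tag alone is what most YARA rules match on.
AU3_MAGIC = bytes.fromhex("A3484BBE986C4AA9994C530A86D6487D")
AU3_TAG = b"AU3!EA06"


def file_hashes(data: bytes) -> dict:
    """Compute the same digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def hashes_match(data: bytes, expected: dict) -> bool:
    """True only if every digest in `expected` matches the data."""
    actual = file_hashes(data)
    return all(actual.get(k) == v.lower() for k, v in expected.items())


def is_pe(data: bytes) -> bool:
    """Minimal check: MZ header, e_lfanew in range, 'PE\\0\\0' signature at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def autoit_markers(data: bytes) -> dict:
    """Locate the AU3 tag and magic; -1 means not found."""
    tag_off = data.find(AU3_TAG)
    magic_off = data.find(AU3_MAGIC)
    return {
        "tag_offset": tag_off,
        "magic_offset": magic_off,
        # Stronger signal: magic immediately followed by the tag, as in an EA06 header.
        "magic_precedes_tag": magic_off != -1 and tag_off == magic_off + len(AU3_MAGIC),
    }


def is_compiled_autoit(data: bytes) -> bool:
    return autoit_markers(data)["tag_offset"] != -1


def triage_file(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """One-shot summary an analyst can compare against the report's signatures."""
    return {
        "is_pe": is_pe(data),
        "hashes_match_report": hashes_match(data, expected),
        "compiled_autoit": is_compiled_autoit(data),
        **autoit_markers(data),
    }


def build_constructed_sample() -> bytes:
    """Constructed stand-in (NOT the reported sample): DOS stub, PE signature, AU3 block."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    dos[0x3C:0x40] = (0x40).to_bytes(4, "little")   # e_lfanew -> right after the DOS header
    pe = b"PE\x00\x00" + b"\x00" * 20                # COFF header placeholder, padding only
    return bytes(dos) + pe + b"\x00" * 16 + AU3_MAGIC + AU3_TAG + b"\x00" * 32


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_constructed_sample()
    for key, value in triage_file(data).items():
        print(f"{key}: {value}")
```

Run it with the path of the file you received; `hashes_match_report` should be True before you rely on any of the behaviours listed above, and a False there with `compiled_autoit` True tells you that you have an AutoIt-compiled binary but not this one. The registry Run key and SetThreadContext findings are host-side behaviours and are not reproducible from the file alone.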
MITRE ATT&CK Enterprise v15 (numbers in parentheses are the report's match counts)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (1)
    Disable or Modify Tools (1)
  Modify Registry (3)