Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    30eb887abe4f94ad405d99aa280ba6b3_JaffaCakes118

  • Size

    395KB

  • Sample

    241010-va8s3a1epn

  • MD5

    30eb887abe4f94ad405d99aa280ba6b3

  • SHA1

    768fc5f3153c6c75e9d5997b7d81dcf994295647

  • SHA256

    07df26ad63c2611db4f3290fb475d895e15a919c950f9fa200556fad9033ec22

  • SHA512

    34d2c476ed4f9f5f856304c1e012bff2d59dd847c413981c3dfe391a828848b5b764c31575e07540159991665e1088a19b693a439e0e37165e49c7853a90a38b

  • SSDEEP

    12288:ALVkhU8/+BWnVkouhKz0gN7dnJe0hcBNYxv:ALWL+wVkf80sJem6Yh

Malware Config

Targets

    • Target

      30eb887abe4f94ad405d99aa280ba6b3_JaffaCakes118

    • Size

      395KB

    • MD5

      30eb887abe4f94ad405d99aa280ba6b3

    • SHA1

      768fc5f3153c6c75e9d5997b7d81dcf994295647

    • SHA256

      07df26ad63c2611db4f3290fb475d895e15a919c950f9fa200556fad9033ec22

    • SHA512

      34d2c476ed4f9f5f856304c1e012bff2d59dd847c413981c3dfe391a828848b5b764c31575e07540159991665e1088a19b693a439e0e37165e49c7853a90a38b

    • SSDEEP

      12288:ALVkhU8/+BWnVkouhKz0gN7dnJe0hcBNYxv:ALWL+wVkf80sJem6Yh

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks