Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e09d277969e196819d46e0fe06b0b047_JaffaCakes118
-
Size
136KB
-
Sample
241211-ka84qayrhn
-
MD5
e09d277969e196819d46e0fe06b0b047
-
SHA1
43ad3c63d64ae2bb3b4ce111fb492e59dbb5f5f8
-
SHA256
dd5f09df7d0f4521bdabdf543386f616fbdfe2be8a480bf315103c431d72c355
-
SHA512
40d6bf2a4cc8807bfd429cbf5bbc381b04636adf30be6ee8ee3b73d13c9734e31f4335fec3c35db9d5067d1ef4d86d21d76416badd8389833cfa9a66a9fb9c39
-
SSDEEP
1536:/gpHVuNAXTj4Fj/91/NnLZqeWEPVpa8DzePjkgcwYS7S5+Vfk09+2GvwxEnouy8:01oy8j7VnNdrPHaSekwi+mW+2GU0out
Static task
static1
Behavioral task
behavioral1
Sample
e09d277969e196819d46e0fe06b0b047_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e09d277969e196819d46e0fe06b0b047_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
e09d277969e196819d46e0fe06b0b047_JaffaCakes118
-
Size
136KB
-
MD5
e09d277969e196819d46e0fe06b0b047
-
SHA1
43ad3c63d64ae2bb3b4ce111fb492e59dbb5f5f8
-
SHA256
dd5f09df7d0f4521bdabdf543386f616fbdfe2be8a480bf315103c431d72c355
-
SHA512
40d6bf2a4cc8807bfd429cbf5bbc381b04636adf30be6ee8ee3b73d13c9734e31f4335fec3c35db9d5067d1ef4d86d21d76416badd8389833cfa9a66a9fb9c39
-
SSDEEP
1536:/gpHVuNAXTj4Fj/91/NnLZqeWEPVpa8DzePjkgcwYS7S5+Vfk09+2GvwxEnouy8:01oy8j7VnNdrPHaSekwi+mW+2GU0out
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3