Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

e7a6b98a84...18.exe

windows7-x64

10

e7a6b98a84...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    12/12/2024, 18:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e7a6b98a8440182d9607b5a9a394ab56_JaffaCakes118.exe

  • Size

    28KB

  • MD5

    e7a6b98a8440182d9607b5a9a394ab56

  • SHA1

    e1a0cbf353ffe3faa72b54c050460b207d0bfec5

  • SHA256

    f398740e50801e08d6f6e8802170df619969b1c16ebc381c01b5577001760682

  • SHA512

    1eb4ec3ebb7955c74dc75dec0556760b7ed0210d35a1e0a4f50cbde13edebe804f5a39895d51890d08f16cdb2df88ac13343f9db7e4ba74b29bf9f31066e8a83

  • SSDEEP

    768:tJpFHSLyupC2/kB5c3i1Cp/c1nj6UUxW/HjwZABWDa8:tJpFHSOuopPc3Np0nj6UUxiDwMD8

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • Modiloader family
    modiloader
  • ModiLoader Second Stage 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e7a6b98a8440182d9607b5a9a394ab56_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e7a6b98a8440182d9607b5a9a394ab56_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2956
    • C:\RECYCLER\wmsj.exe
      C:\RECYCLER\wmsj.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2808

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\RECYCLER\video.dll
    Filesize

    37KB

    MD5

    83216b17c2482167112f40a418c80337

    SHA1

    5e00803671eb1b434bec02ded9460b2a177ee93b

    SHA256

    ea81562a6fb365d971ca9cfbf9a3c6b8b92a691f9b24f45f2951a4c08e7e5285

    SHA512

    f316e32b93e544784f5428a78a14afbca886e61cc7bf04ebe2149c2621c4de2d0bf6af46734b49f521ea3f9f11ba17ee6b99bbb468d8d6336a46fd50210d779e

    Download Submit

  • \RECYCLER\wmsj.exe
    Filesize

    28KB

    MD5

    e7a6b98a8440182d9607b5a9a394ab56

    SHA1

    e1a0cbf353ffe3faa72b54c050460b207d0bfec5

    SHA256

    f398740e50801e08d6f6e8802170df619969b1c16ebc381c01b5577001760682

    SHA512

    1eb4ec3ebb7955c74dc75dec0556760b7ed0210d35a1e0a4f50cbde13edebe804f5a39895d51890d08f16cdb2df88ac13343f9db7e4ba74b29bf9f31066e8a83

    Download Submit

  • memory/2808-14-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2956-0-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2956-10-0x0000000000320000-0x0000000000346000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2956-9-0x0000000000320000-0x0000000000346000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2956-15-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download