Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

ffe800a098...18.exe

windows7-x64

10

ffe800a098...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/12/2024, 17:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ffe800a098f6466630aa6fbb71f17209_JaffaCakes118.exe

  • Size

    35KB

  • MD5

    ffe800a098f6466630aa6fbb71f17209

  • SHA1

    aa5b1068dc0b12adfae76f7ad7c9f503db363868

  • SHA256

    daea9d763893a2ec2b5bd85f49b83de180e368afeb9c459ec14350d633c5cc54

  • SHA512

    4b51fc63a70e0bba0233fc419825a4d7c47527b0daceb7429b2c166d5411cd3d59f06a1b1d20284a9ea32de54540390bfab4b5f4f9483cf90894b8724eec58f9

  • SSDEEP

    768:WF5EutQ5FqlY1Y+wQfY89YJkBEZdG1eW755kBaqZAym3En05:WIY2FOGY+wQfY1JNZdon55kBaeKEw

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • Modiloader family
    modiloader
  • ModiLoader Second Stage 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ffe800a098f6466630aa6fbb71f17209_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ffe800a098f6466630aa6fbb71f17209_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:384

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Common Files\microsoft shared\MSInfo\atmQQ2.dll
    Filesize

    24KB

    MD5

    5eb376b1524e0647581d941015cee7f4

    SHA1

    8bc1ca898642c9eca88263b4d00178dc82e547fc

    SHA256

    82411ab22fced3cff2f4ff769f7979cf8371ac5e1f56ff45c68776197f878fa7

    SHA512

    eab84401629492d69bb40d5ef07329eef0afe7d28cb9c2795a993d7af7913a0d2790d8c21c00646b985faab5be28bfdc0c81154301e7c51461951d88e17fe67e

    Download Submit

  • memory/384-0-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/384-5-0x00000000007E0000-0x00000000007FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/384-8-0x00000000007E0000-0x00000000007FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/384-9-0x0000000000650000-0x0000000000651000-memory.dmp

    Filesize

    4KB

    Download

  • memory/384-10-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/384-11-0x00000000007E0000-0x00000000007FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/384-12-0x0000000000650000-0x0000000000651000-memory.dmp

    Filesize

    4KB

    Download