Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
229945d35166270d3cbee4d4d94a6909_JaffaCakes118
-
Size
156KB
-
Sample
240703-q821ys1aqe
-
MD5
229945d35166270d3cbee4d4d94a6909
-
SHA1
839503e8334e6a9b8bd29aa8ff8fe75bd023033e
-
SHA256
51a24ad2c25b0ae358f651c8d01332aec5f9afdfc939c8eb30d6004aef161aef
-
SHA512
64878b1a4cea94d93c471fc91eaaa5fe3b165436cae84208379406c0e84de459698e703fa11634b909e3f959403cb4bd86a39a85ddf77812c5b2642fc2335775
-
SSDEEP
3072:PJQ/7t0BVG25MFzEiC6o4tTCp2G297kxxF:qTa6LBEryteD25kxH
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
229945d35166270d3cbee4d4d94a6909_JaffaCakes118
-
Size
156KB
-
MD5
229945d35166270d3cbee4d4d94a6909
-
SHA1
839503e8334e6a9b8bd29aa8ff8fe75bd023033e
-
SHA256
51a24ad2c25b0ae358f651c8d01332aec5f9afdfc939c8eb30d6004aef161aef
-
SHA512
64878b1a4cea94d93c471fc91eaaa5fe3b165436cae84208379406c0e84de459698e703fa11634b909e3f959403cb4bd86a39a85ddf77812c5b2642fc2335775
-
SSDEEP
3072:PJQ/7t0BVG25MFzEiC6o4tTCp2G297kxxF:qTa6LBEryteD25kxH
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1