General
Target: 2b2e83623d7ba5aa11856a93d6389b9e_JaffaCakes118
Size: 4.0MB
Sample: 240708-geyl1axbrh
MD5: 2b2e83623d7ba5aa11856a93d6389b9e
SHA1: 90760f3ac81a1bcdf1e131578dd9b741a06a5572
SHA256: 2946c75da5e424700b1b2bfb0c2c4e4b50bcdf2e2ce50935863be1cb4565371d
SHA512: 3aa2385fc558d46df7dde3ed175b71bbd4d0f8759e24b728b1865164757d3faa183b04c4e71c7f64a5d363f451d5a81729cd75cc6e750035baaef3c0add8a78d
SSDEEP: 98304:IFb0GYX7gF7kxrx1jL26B01u4Y8P6sdyVO8LxQavvMXO:UUgFM3ja6oYM6sM0c4O
Static task: static1
Behavioral task: behavioral1
Sample: 2b2e83623d7ba5aa11856a93d6389b9e_JaffaCakes118.exe
Resource: win7-20240508-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
Modifies firewall policy service
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (4)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (3)
  Modify Registry (5)