General
Target: 3eaade580c8fce776b11a14be5cc32cf_JaffaCakes118
Size: 97KB
Sample: 240712-ymp39szfmg
MD5: 3eaade580c8fce776b11a14be5cc32cf
SHA1: 22c50d1461a0cdef1223d2f3abc722ea17a87b73
SHA256: 944171863b15ceadeb83771252a131e220ee8cfc32c48dd9f1209317fc25ee2b
SHA512: 17b1424d12fbb68fa56edcec3106b6f0b7f707f628e6b1349dffc63b378f48edb6f2b5835bbb5fb7695d8000e5a04a2a89ede4e7ed61dea048c0b8503c8787c0
SSDEEP: 1536:BBlf6XMojlXRaHad0sb8y6w4YVgoZpHErpK/pqUcJs3SkuxYEZvw6Qe:/lyM4VUadUpMWK/ArxYUl
Static task: static1
Behavioral task: behavioral1
Sample: 3eaade580c8fce776b11a14be5cc32cf_JaffaCakes118.exe
Resource: win7-20240704-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Create or Modify System Process: 1
Windows Service: 1
Defense Evasion
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Impair Defenses: 4
Disable or Modify System Firewall: 1
Disable or Modify Tools: 3
Modify Registry: 5