General
- Target: 4314d785cea1470e12518301d08c1d79_JaffaCakes118
- Size: 1.1MB
- Sample: 240713-ye3pdsxakb
- MD5: 4314d785cea1470e12518301d08c1d79
- SHA1: 0e618872304d49e9eb8687155600bd134af80118
- SHA256: f81ff37c86e302b80b85a566a5801a99958acc1fc4ddc08d08c04d3a34b1ca7a
- SHA512: ab13980789d22746ac5e4db93345c86d0e48ccffcfc167a32ec467fd0dfacb7ffe9c0d6695d0147e914c3d8c67e715f1eac2be1b22ccd5ee0f1fe3e63ae066ef
- SSDEEP: 24576:5MqeaXUpR4wQV6icoEC3mfgjKcUemuZ+5:5MqhXUf4lkoEUagGcUerE5
Static task: static1
Behavioral task: behavioral1
- Sample: 4314d785cea1470e12518301d08c1d79_JaffaCakes118.exe
- Resource: win7-20240705-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: 4314d785cea1470e12518301d08c1d79_JaffaCakes118
- Modifies firewall policy service
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (6)