General
- Target: 46adca4a892dc48862ba393d45d27745_JaffaCakes118
- Size: 205KB
- Sample: 240714-vbqnwayfkq
- MD5: 46adca4a892dc48862ba393d45d27745
- SHA1: 2bb1fb8c9f907fdfaea108f5cec438a416c83a6e
- SHA256: 2466475118603cf9ac0f193d48a9971783b8911a50238c55894909d2e09cce75
- SHA512: 5fe136a3de59093670a838099ddb4e548afc69cfe61ec3c255c3a78088f06cae073de2b1e0fce829855a972a7149cf8a913d583ad001d918ee85f772384cdd85
- SSDEEP: 6144:ltZ9O0jcNFPwWW3V4gCrV8g88YMG9YccWpL80fj:7OacNFIFatrg9YccWpD
Tasks
- Static task static1
- Behavioral task behavioral1: sample 46adca4a892dc48862ba393d45d27745_JaffaCakes118.exe, resource win7-20240708-en
- Behavioral task behavioral2: sample 46adca4a892dc48862ba393d45d27745_JaffaCakes118.exe, resource win10v2004-20240709-en
- Behavioral task behavioral3: sample $PLUGINSDIR/InstallOptions.dll, resource win7-20240705-en
- Behavioral task behavioral4: sample $PLUGINSDIR/InstallOptions.dll, resource win10v2004-20240709-en
Malware Config
Extracted configuration (family: sality), contact URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets

Target: 46adca4a892dc48862ba393d45d27745_JaffaCakes118 (205KB; hashes as listed under General)
Signatures:
- Modifies firewall policy service
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.

Target: $PLUGINSDIR/InstallOptions.dll
- Size: 14KB
- MD5: 32aa6334fc543e70ef0f792bb9a0c45a
- SHA1: 54be1f5004f7e5afe7c9ba160495076ea2a4d60c
- SHA256: 610e54bcfc2831d4f9d7030ceb16d35ee33006403d842f01b6e75bebea0083e2
- SHA512: ac92116821a032de8df64bf9aea9c6ba4040467eebaa4e028c2bf031f1c81bb69531288b9d89d951b952fe0b4ecccade874a5ae76d04db8b4dee2d13c486f9ae
- SSDEEP: 192:V6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTwK72dwF7dBdcQOz:V6JaVh4I5rpPbTw+BdhO
Score: 3/10
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)

Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Create or Modify System Process (1): Windows Service (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (4): Disable or Modify System Firewall (1), Disable or Modify Tools (3)
- Modify Registry (5)