General
- Target: 73e104bb4777b263515cb29cf710fcea_JaffaCakes118
- Size: 144KB
- Sample: 240726-npb93syeqh
- MD5: 73e104bb4777b263515cb29cf710fcea
- SHA1: b75169b7cf85a436b694c7823c8484bb1aad1c70
- SHA256: d6fb7f44b80c842d2b615bd014e7462b340587f044a0f8dbb71a15f70e48b5e8
- SHA512: 69409ed8c2b040427282a75870190d95ba069136d7a8dc789cd685a37b40f18bf95c296bb819ba0e48dc20caafff7640907ec2fad749a6cdae64b822b3f19bca
- SSDEEP: 3072:cMCTOPydz6ikrKkQOB95UEWdxMpUv9AbHo1HH:kTOEOrV95pW4+v9Mop
Static task
- static1
Behavioral tasks
- behavioral1: sample 73e104bb4777b263515cb29cf710fcea_JaffaCakes118.exe, resource win7-20240704-en
- behavioral2: sample 73e104bb4777b263515cb29cf710fcea_JaffaCakes118.exe, resource win10v2004-20240709-en
Malware Config
Extracted family: sality
URLs extracted from the configuration:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: 73e104bb4777b263515cb29cf710fcea_JaffaCakes118 (hashes as listed under General)
Signatures
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Modifies Windows Firewall
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15 (technique: sub-technique, with hit counts)
Persistence
- Boot or Logon Autostart Execution (1): Winlogon Helper DLL (1)
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1): Winlogon Helper DLL (1)
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (4): Disable or Modify System Firewall (1), Disable or Modify Tools (3)
- Modify Registry (5)