General
Target: 88dea4b3191736270f9057dee7f8e7b0_JaffaCakes118
Size: 1.2MB
Sample: 240811-ea7m1atdql
MD5: 88dea4b3191736270f9057dee7f8e7b0
SHA1: 4544dedbd265e62c88958d5f8fd9e61e0dff9ee6
SHA256: 194c4c8e422b39853379ce0de407713320da2bdcbf40be3203fea3520e3f3a14
SHA512: bfca91a51c0a73fa77acde31935339065b64ae715f9670979da0d38974078de905ad2d43342c331452dbdb3739c4d24c68805ae18aec803e83bda1e5677cfe64
SSDEEP: 24576:CzCtx5NqOtj35jCPLw1lgGQwC3lulTiyFv4ZWC7+Ep8rNTfmvNvCX:CE5N3JjC2lCTluh3XCKa8rNCvwX
Static task: static1
Behavioral task: behavioral1
Sample: 88dea4b3191736270f9057dee7f8e7b0_JaffaCakes118.exe
Resource: win7-20240705-en
Malware Config
Extracted family: sality
Extracted URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
Target: 88dea4b3191736270f9057dee7f8e7b0_JaffaCakes118
- Modifies firewall policy service
- ACProtect 1.3x - 1.4x DLL software: detects file using ACProtect software.
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)