General
-
Target
9468e72629e81b5f05e90202955e4930_JaffaCakes118
-
Size
351KB
-
Sample
240813-x4pcmawflp
-
MD5
9468e72629e81b5f05e90202955e4930
-
SHA1
7c5e246707670141e4687805fb857251488e2856
-
SHA256
af99e4717c6c8d1740c3a8899379d46b516503aa03b8e5a2347c77534bf006d2
-
SHA512
8e6b44cb5b080915e6f5b1ec7685f56a51ebb36b19f7c908a6c0a7517897640a793d8a301e7ee5d2fadee41e651279caa1406a9217fd60a82eafc9336de2af6d
-
SSDEEP
3072:hoF3CkEnm23lSuURxK/paQFVCIyxZtIbLPISKaTMjD2B9r3nWGtot+OO2ETG/8dA:8IzSsMJPL8tnIFIJVSITSQS
Static task
static1
Behavioral task
behavioral1
Sample
9468e72629e81b5f05e90202955e4930_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
sality
Targets
-
-
Target
9468e72629e81b5f05e90202955e4930_JaffaCakes118
-
Modifies firewall policy service
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Create or Modify System Process: 1
Windows Service: 1
Defense Evasion
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Impair Defenses: 4
Disable or Modify System Firewall: 1
Disable or Modify Tools: 3
Modify Registry: 5