General
- Target: df18462d6309efb5454fecdf3df709ce_JaffaCakes118
- Size: 350KB
- Sample: 240913-3jf4eaverk
- MD5: df18462d6309efb5454fecdf3df709ce
- SHA1: 1caa5c2a2bcdc6b8282c971f197ff7df78352e11
- SHA256: 2b47a07b4a577bb57598402cbb7adb06a2cfae0c6f2bb212d7c9957687fe0445
- SHA512: 8466a90e49ea0e1916e493208aeb736bfd30e53908a63a9f54bb7ffdc6430abf4fb54ca901cade1893a3c3b243465378212d4d1e17fcb7e0ed3c626d884dc6d6
- SSDEEP: 6144:hqs/AV1rl6ahtdKGFXnxdS8NnaopyJLn1KT2z99X5kdT8Z0BwG9bM6Zyj:hbS6qtEGFXxHaopwtEwWbvZyj
Static task
- static1
Behavioral task
- behavioral1
  - Sample: df18462d6309efb5454fecdf3df709ce_JaffaCakes118.exe
  - Resource: win7-20240903-en
Behavioral task
- behavioral2
  - Sample: df18462d6309efb5454fecdf3df709ce_JaffaCakes118.exe
  - Resource: win10v2004-20240802-en
Malware Config
Extracted
- Family: sality
- URLs:
  - http://89.119.67.154/testo5/
  - http://kukutrustnet777.info/home.gif
  - http://kukutrustnet888.info/home.gif
  - http://kukutrustnet987.info/home.gif
Targets
- Modifies visibility of file extensions in Explorer
- Modifies visibility of hidden/system files in Explorer
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Modifies Windows Firewall
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Persistence
- Create or Modify System Process: 1
  - Windows Service: 1
- Event Triggered Execution: 1
  - Netsh Helper DLL: 1
Privilege Escalation
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1
- Create or Modify System Process: 1
  - Windows Service: 1
- Event Triggered Execution: 1
  - Netsh Helper DLL: 1
Defense Evasion
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1
- Hide Artifacts: 2
  - Hidden Files and Directories: 2
- Impair Defenses: 4
  - Disable or Modify System Firewall: 1
  - Disable or Modify Tools: 3
- Modify Registry: 6