General
-
Target
eb7ce4c94f8c940ff49610913a1d4122_JaffaCakes118
-
Size
120KB
-
Sample
240919-rdb2qasbpa
-
MD5
eb7ce4c94f8c940ff49610913a1d4122
-
SHA1
f44a8a7a103b4d2dec350a3802c0aa0d3c6bbe4b
-
SHA256
05abd9736c6262d5f17972836dd4d23b1363375ca913567e957155f1b080a492
-
SHA512
fd4599b1aef47866a63ac964530c301f8a19e540e68e5b5cd6d2c00aef5204c602cff9b3314d467adfa7da08d10076984ac3766f695da21b0097fcb3c6d0dabb
-
SSDEEP
1536:dQB7sFY1SSb5hK39c4vX5zPIwqvtEEXJzJY2+Sjlobod489isPr2tyK:dQB7Dk66BP0vKEXM2+Sjloboj9isTO
Static task
static1
Behavioral task
behavioral1
Sample
eb7ce4c94f8c940ff49610913a1d4122_JaffaCakes118.dll
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
Target
eb7ce4c94f8c940ff49610913a1d4122_JaffaCakes118
-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Create or Modify System Process: 1
Windows Service: 1
Defense Evasion
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Impair Defenses: 4
Disable or Modify System Firewall: 1
Disable or Modify Tools: 3
Modify Registry: 5