Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ef0ceae5dca15c5c11cfe55a524e2020_JaffaCakes118
-
Size
100KB
-
Sample
240921-evzswsvclp
-
MD5
ef0ceae5dca15c5c11cfe55a524e2020
-
SHA1
152f461a64ebe14f9f30ee478e0935d37398e7cd
-
SHA256
09b43620b42e4ca7ff7201f74a9894589d65f5e4dad457d4750ea9d162cee9c2
-
SHA512
a73a54a22e949c5436bb01cb00b3f23a07c716ed2d7540194aeb41414588feac9ba1568cbb355173e866f71b04b80bfdaaf2527153a4923982f6bfcafe458054
-
SSDEEP
3072:R60c5xHj+WfCwKGasFOsvV9RIzIGLzOLjxy:R6v5phqwKGasFBLRWDLzGjxy
Static task
static1
Behavioral task
behavioral1
Sample
ef0ceae5dca15c5c11cfe55a524e2020_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
ef0ceae5dca15c5c11cfe55a524e2020_JaffaCakes118
-
Size
100KB
-
MD5
ef0ceae5dca15c5c11cfe55a524e2020
-
SHA1
152f461a64ebe14f9f30ee478e0935d37398e7cd
-
SHA256
09b43620b42e4ca7ff7201f74a9894589d65f5e4dad457d4750ea9d162cee9c2
-
SHA512
a73a54a22e949c5436bb01cb00b3f23a07c716ed2d7540194aeb41414588feac9ba1568cbb355173e866f71b04b80bfdaaf2527153a4923982f6bfcafe458054
-
SSDEEP
3072:R60c5xHj+WfCwKGasFOsvV9RIzIGLzOLjxy:R6v5phqwKGasFBLRWDLzGjxy
-
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5