Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

ff02090f6f...18.exe

windows7-x64

3

ff02090f6f...18.exe

windows10-2004-x64

10

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$TEMP/B3DE...64.exe

windows7-x64

4

$TEMP/B3DE...64.exe

windows10-2004-x64

Setup64.exe

windows7-x64

4

Setup64.exe

windows10-2004-x64

4

uninst.exe

windows7-x64

3

uninst.exe

windows10-2004-x64

10

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$TEMP/B3DE...64.exe

windows7-x64

4

$TEMP/B3DE...64.exe

windows10-2004-x64

4

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ff02090f6ffee0c663e0ffb9af4ead08_JaffaCakes118

  • Size

    615KB

  • Sample

    240929-vxe49sshmn

  • MD5

    ff02090f6ffee0c663e0ffb9af4ead08

  • SHA1

    9752ff6838dd149c496d2f0e83a52a5966789834

  • SHA256

    08131f143bb96f0cd77981f3b0f9ccefec2b4cdc2b0b35f7b2618d4473d978e6

  • SHA512

    621754d66327672309d12c35b86062e579c6d004db16a3ad26de36651d1a9735d12e9d85ff6629c7ea7b48072b36aca3027229d452eeba8152cc4bf8340e5331

  • SSDEEP

    12288:4wp5BPtw9eMgUBmW5KnCcetYGmfjrtilztP3MgUNmW5BKtYGqfjEn3Ym:4wVC97B9yCceKGm7xN95sKGq7En3Ym

Score
10/10
salitybackdoordiscoveryevasionpersistenceprivilege_escalationtrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      ff02090f6ffee0c663e0ffb9af4ead08_JaffaCakes118

    • Size

      615KB

    • MD5

      ff02090f6ffee0c663e0ffb9af4ead08

    • SHA1

      9752ff6838dd149c496d2f0e83a52a5966789834

    • SHA256

      08131f143bb96f0cd77981f3b0f9ccefec2b4cdc2b0b35f7b2618d4473d978e6

    • SHA512

      621754d66327672309d12c35b86062e579c6d004db16a3ad26de36651d1a9735d12e9d85ff6629c7ea7b48072b36aca3027229d452eeba8152cc4bf8340e5331

    • SSDEEP

      12288:4wp5BPtw9eMgUBmW5KnCcetYGmfjrtilztP3MgUNmW5BKtYGqfjEn3Ym:4wVC97B9yCceKGm7xN95sKGq7En3Ym

    Score
    10/10
    discoverysalitybackdoorevasionpersistenceprivilege_escalationtrojanupx

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      0dc0cc7a6d9db685bf05a7e5f3ea4781

    • SHA1

      5d8b6268eeec9d8d904bc9d988a4b588b392213f

    • SHA256

      8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

    • SHA512

      814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

    • SSDEEP

      192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      a401e590877ef6c928d2a97c66157094

    • SHA1

      75e24799cf67e789fadcc8b7fddefc72fdc4cd61

    • SHA256

      2a7f33ef64d666a42827c4dc377806ad97bc233819197adf9696aed5be5efac0

    • SHA512

      6093415cd090e69cdcb52b5d381d0a8b3e9e5479dac96be641e0071f1add26403b27a453febd8ccfd16393dc1caa03404a369c768a580781aba3068415ee993f

    • SSDEEP

      48:iV6sAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Joof5d2:2V11GED5ZTvycNSmwVsTJuftpZR0Ld2

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      1e8e11f465afdabe97f529705786b368

    • SHA1

      ea42bed65df6618c5f5648567d81f3935e70a2a0

    • SHA256

      7d099352c82612ab27ddfd7310c1aa049b58128fb04ea6ea55816a40a6f6487b

    • SHA512

      16566a8c1738e26962139aae893629098dc759e4ac87df3e8eb9819df4e0e422421836bb1e4240377e00fb2f4408ce40f40eee413d0f6dd2f3a4e27a52d49a0b

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      $TEMP/B3DE3DBF-7F64-47b5-B25B-9842D2B1A045_Rockey200std/Setup64.exe

    • Size

      489KB

    • MD5

      67970f766f50acb40b71adc44a3f942e

    • SHA1

      c0208a34bae19787d694cc93ed6bb40d684fc184

    • SHA256

      2ad42a3b7fd1fdb5ebfd84680e5c7c7cae4890b7ed985b98bd6f123255500c9e

    • SHA512

      278f0e53d0f34d742ef62091abe2301dca3b98216fd7094425cdeb8052d08314dbd520c96735b74dd5c313b033c7f38b3e489048996346168edb635ba7a7d0c9

    • SSDEEP

      6144:j+Lw54xlL+rPEoi4i0HdRhHjlQlJ/KYgLyXTfemW8Uf+8hjUBHuehlv4lUKuBHsO:jOw54xl+AjUdYDXTZWLf+8hnehRKzS5

    Score
    4/10
    behavioral10behavioral9

    • Target

      Setup64.exe

    • Size

      489KB

    • MD5

      67970f766f50acb40b71adc44a3f942e

    • SHA1

      c0208a34bae19787d694cc93ed6bb40d684fc184

    • SHA256

      2ad42a3b7fd1fdb5ebfd84680e5c7c7cae4890b7ed985b98bd6f123255500c9e

    • SHA512

      278f0e53d0f34d742ef62091abe2301dca3b98216fd7094425cdeb8052d08314dbd520c96735b74dd5c313b033c7f38b3e489048996346168edb635ba7a7d0c9

    • SSDEEP

      6144:j+Lw54xlL+rPEoi4i0HdRhHjlQlJ/KYgLyXTfemW8Uf+8hjUBHuehlv4lUKuBHsO:jOw54xl+AjUdYDXTZWLf+8hnehRKzS5

    Score
    4/10
    behavioral11behavioral12

    • Target

      uninst.exe

    • Size

      367KB

    • MD5

      9da20ca5612ff2fdfe79d434b276a80e

    • SHA1

      b71b982b9669d6a0fa2785d65380048182278218

    • SHA256

      007189b403851030ba2fcfa914226f9d33c25c278e884047440ceddde6d569aa

    • SHA512

      e7189789a71843faf5702b8a7ba1c03362fae46fec032d3ddd0c53fd70b33d4f779c5d9b69fd674ec3a7e216fd08067bd5c63fc32048a5ed7980a992edb3e1c7

    • SSDEEP

      6144:Cek47SIt16NEhiBo/tPLTQcQjgzsUWOmWr1KnOJceoq2A8vGmflVrtD+sm3:dSp5B+tPCMgUBmW5KnCcetYGmfjrtiP

    Score
    10/10
    discoverysalitybackdoorevasionpersistenceprivilege_escalationtrojanupx

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Modifies Windows Firewall

      evasion

    • Checks whether UAC is enabled

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral13behavioral14

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      0dc0cc7a6d9db685bf05a7e5f3ea4781

    • SHA1

      5d8b6268eeec9d8d904bc9d988a4b588b392213f

    • SHA256

      8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

    • SHA512

      814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

    • SSDEEP

      192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo

    Score
    3/10
    discovery
    behavioral15behavioral16

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      1e8e11f465afdabe97f529705786b368

    • SHA1

      ea42bed65df6618c5f5648567d81f3935e70a2a0

    • SHA256

      7d099352c82612ab27ddfd7310c1aa049b58128fb04ea6ea55816a40a6f6487b

    • SHA512

      16566a8c1738e26962139aae893629098dc759e4ac87df3e8eb9819df4e0e422421836bb1e4240377e00fb2f4408ce40f40eee413d0f6dd2f3a4e27a52d49a0b

    Score
    3/10
    discovery
    behavioral17behavioral18

    • Target

      $TEMP/B3DE3DBF-7F64-47b5-B25B-9842D2B1A045_Rockey200std/Setup64.exe

    • Size

      489KB

    • MD5

      67970f766f50acb40b71adc44a3f942e

    • SHA1

      c0208a34bae19787d694cc93ed6bb40d684fc184

    • SHA256

      2ad42a3b7fd1fdb5ebfd84680e5c7c7cae4890b7ed985b98bd6f123255500c9e

    • SHA512

      278f0e53d0f34d742ef62091abe2301dca3b98216fd7094425cdeb8052d08314dbd520c96735b74dd5c313b033c7f38b3e489048996346168edb635ba7a7d0c9

    • SSDEEP

      6144:j+Lw54xlL+rPEoi4i0HdRhHjlQlJ/KYgLyXTfemW8Uf+8hjUBHuehlv4lUKuBHsO:jOw54xl+AjUdYDXTZWLf+8hnehRKzS5

    Score
    4/10
    behavioral19behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

2
T1562

Disable or Modify System Firewall

1
T1562.004

Disable or Modify Tools

1
T1562.001

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks