General
Target: 139b0c8c03fc3bd86b5041ef7f34cfc7_JaffaCakes118
Size: 1.0MB
Sample: 241004-q457ta1glf
MD5: 139b0c8c03fc3bd86b5041ef7f34cfc7
SHA1: 7956809db231e32d7766011f69f24fe760a730b8
SHA256: b86d368a102ce764870b2cf2197e48496d91a94e4ab59bc61eecf92d9edba3bf
SHA512: 8a3fb1e0981fe6518ad7dc9098dd3c840ce2d5724b9b584e93bd66b337b9a7bd3b7498fd6f10d3f23f94450dc6bc1f4799796b44d867a4b4060e1bec8b20b7a0
SSDEEP: 24576:aNlCkb9m3NFzLGe4obPDyPzjChH0rqRlvbyhhgIWH:aNZm3ffSobkjChHUqwxWH
Static task: static1
Behavioral task: behavioral1
Sample: MW3 Prestige Hack 2012.exe
Resource: win7-20240708-en
Malware Config
Extracted
Family: darkcomet
Botnet: DarkComet
C2: armedpickler1235.no-ip.biz:200
Mutex: DC_MUTEX-4D3WYFP
InstallPath: MSDCSC\msdcsc.exe
gencode: m7kUMvwZgV2P
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: MW3 Prestige Hack 2012.exe
Size: 1.3MB
MD5: a30160656f3d8b9db8eb21310b2e5009
SHA1: ac74646751f8dbc7bcccac8860e759471e2212c7
SHA256: 78cd2433efcd65d483ea4f7fc78557998832ff2048eaee73ed7e9f4744ae9510
SHA512: 80c81d2048371396629891fb4795f977e6122622b66dbe44f0120e298a1b8a8bf47899a8d35384d8fd21355cc9750751100db8b73c934eb0fc1a98d3f344b24c
SSDEEP: 24576:HhqGVu34oC7sgH2O2Vi5mF3jByDk9n3U6nClYtV7qMcJvv66z35vz17Dh4MA9d:HhqkpWBgk9Dn0YfqMcJH66L5BPhy
Signatures
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext
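The extracted config and the behavioural signatures above are enough to build host-side detection. What follows is an added example, not part of the Triage report or of any DarkComet tooling: it turns the page's indicators (C2 host and port, mutex, install path, Run value name, Winlogon modification) into checks run over a constructed stream of Sysmon-like events. The event field names, the Windows 7 default Userinit and Shell values, and the %APPDATA% drop location are assumptions. Two caveats the report implies: the C2 is a no-ip.biz dynamic-DNS name, so match on the queried hostname rather than a resolved IP; and the SetThreadContext plus VBS-compiler signatures typically mean the payload ends up running inside a hollowed vbc.exe, so the registry and network events will be attributed to that process rather than to the sample's own file name.

```python
import re
from dataclasses import dataclass

# Indicators copied from the extracted DarkComet config on this page.
C2_HOST = "armedpickler1235.no-ip.biz"
C2_PORT = 200
MUTEX = "DC_MUTEX-4D3WYFP"
INSTALL_PATH = r"MSDCSC\msdcsc.exe"      # dropped under %APPDATA% (assumption)
RUN_VALUE_NAME = "MicroUpdate"

RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\([^\\]+)$", re.IGNORECASE)
WINLOGON_RE = re.compile(
    r"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Userinit|Shell)$",
    re.IGNORECASE)
# Generic DarkComet mutex shape; this sample's is 7 characters after the dash.
DC_MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]{6,8}$")
# Values legitimately present in Winlogon\Userinit and Winlogon\Shell
# (assumption: a default Windows 7 install, lower-cased for comparison).
WINLOGON_DEFAULTS = {"userinit": r"c:\windows\system32\userinit.exe",
                     "shell": "explorer.exe"}


@dataclass
class Alert:
    rule: str
    severity: str
    detail: str


def check_event(ev: dict) -> list:
    """Return alerts for one event. Events are constructed, Sysmon-like dicts
    with a "type" field; the other field names are assumptions."""
    alerts = []
    kind = ev.get("type")
    if kind == "registry_set":
        target, data = ev["target"], str(ev.get("data", ""))
        m = RUN_KEY_RE.search(target)
        if m and (m.group(1).lower() == RUN_VALUE_NAME.lower()
                  or INSTALL_PATH.lower() in data.lower()):
            alerts.append(Alert("darkcomet_run_key", "high", f"{target} = {data}"))
        m = WINLOGON_RE.search(target)
        if m:
            default = WINLOGON_DEFAULTS[m.group(1).lower()]
            # Anything beyond the default entry in Userinit/Shell is a helper
            # that Winlogon will launch at logon.
            extra = [p.strip() for p in data.lower().split(",")
                     if p.strip() and p.strip() != default]
            if extra:
                alerts.append(Alert("winlogon_helper_modified", "high",
                                    f"{target} gained {extra}"))
    elif kind == "file_create":
        if ev["path"].lower().endswith(INSTALL_PATH.lower()):
            alerts.append(Alert("darkcomet_install_path", "medium", ev["path"]))
    elif kind == "mutex_create":
        name = ev["name"]
        if name == MUTEX:
            alerts.append(Alert("darkcomet_mutex_exact", "high", name))
        elif DC_MUTEX_RE.match(name):
            alerts.append(Alert("darkcomet_mutex_generic", "medium", name))
    elif kind == "network_connect":
        # Dynamic-DNS C2: compare the hostname, not whatever IP it resolved to.
        if ev["dest_host"].lower() == C2_HOST and ev["dest_port"] == C2_PORT:
            alerts.append(Alert("darkcomet_c2", "high", f"{C2_HOST}:{C2_PORT}"))
    return alerts


def scan(events):
    return [a for ev in events for a in check_event(ev)]


# Constructed sample telemetry matching what the sandbox signatures describe,
# plus two benign events that must not fire.
SAMPLE_EVENTS = [
    {"type": "file_create",
     "path": r"C:\Users\Admin\AppData\Roaming\MSDCSC\msdcsc.exe"},
    {"type": "registry_set",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate",
     "data": r"C:\Users\Admin\AppData\Roaming\MSDCSC\msdcsc.exe"},
    {"type": "registry_set",
     "target": r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "data": r"C:\Windows\system32\userinit.exe,C:\Users\Admin\AppData\Roaming\MSDCSC\msdcsc.exe"},
    {"type": "mutex_create", "name": "DC_MUTEX-4D3WYFP"},
    {"type": "network_connect", "dest_host": "armedpickler1235.no-ip.biz", "dest_port": 200},
    {"type": "registry_set",
     "target": r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
     "data": "explorer.exe"},
    {"type": "mutex_create", "name": r"Local\ZonesCacheCounterMutex"},
]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"[{a.severity}] {a.rule}: {a.detail}")
```

The Winlogon check deliberately does not look for the sample's own path: the signature on this page fires because Userinit gained an extra entry, and that shape (any non-default token in Userinit or Shell) generalises to other DarkComet builds and to unrelated families that use the same technique, while the Run-key, mutex and C2 checks stay pinned to this sample's config.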
MITRE ATT&CK Enterprise v15
Persistence: Boot or Logon Autostart Execution (2): Registry Run Keys / Startup Folder (1), Winlogon Helper DLL (1)
Privilege Escalation: Boot or Logon Autostart Execution (2): Registry Run Keys / Startup Folder (1), Winlogon Helper DLL (1)
Defense Evasion: Hide Artifacts (2): Hidden Files and Directories (2); Modify Registry (2)