General
- Target: 173b206d1fa2c8dbd20d5a37528cc141_JaffaCakes118
- Size: 120KB
- Sample: 241005-l3dzqatclf
- MD5: 173b206d1fa2c8dbd20d5a37528cc141
- SHA1: 25ba39603c6b1f7b8c7a67b76266388fbd8e5616
- SHA256: af8bab671376b74012af94d69871993c8d20fee7d762c83d9e200c997b236641
- SHA512: 5e7c5fb83eaf0a31e8a9dee473d727808bc9807178f125457e20d123b616ed1196a1f1b32d8f5fa9a73f3078b6ef711ecb224b6e1ed6c0156920b36e35cb36d3
- SSDEEP: 3072:99aLAJMReYjOr6++PGXFAFqsj4QEVGJs:7hMc6Dlj4ZG
Static task: static1
Behavioral task: behavioral1
- Sample: 173b206d1fa2c8dbd20d5a37528cc141_JaffaCakes118.exe
- Resource: win7-20240903-en
Malware Config
Extracted: sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
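The extracted URLs are only useful once they are matched against what hosts actually resolved or fetched. The PowerShell below is an added example, not part of the tria.ge report or of any tooling the report describes: it derives host and IP indicators from the six URLs above and scans log lines for them. The two Windows DNS debug-log lines and the Squid-style proxy line it scans are constructed for illustration, and Convert-DnsDebugName and the $Indicators set are this example's own names. It needs PowerShell 5 or later.

```powershell
# Added example (not from the tria.ge report): turn extracted Sality C2 URLs
# into host/IP indicators and match them against DNS and proxy log lines.
$ExtractedUrls = @(
    'http://89.119.67.154/testo5/',
    'http://kukutrustnet777.info/home.gif',
    'http://kukutrustnet888.info/home.gif',
    'http://kukutrustnet987.info/home.gif',
    'http://www.klkjwre9fqwieluoi.info/',
    'http://kukutrustnet777888.info/'
)

# Case-insensitive set of hostnames/IPs taken from the URL authority part.
$Indicators = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
foreach ($u in $ExtractedUrls) {
    $uri = [System.Uri]$u
    [void]$Indicators.Add($uri.Host)
    # Also match the registrable name without a leading "www." label.
    if ($uri.Host -like 'www.*') { [void]$Indicators.Add($uri.Host.Substring(4)) }
}

# Constructed sample lines: two Windows DNS debug-log queries and one proxy access line.
$SampleLogLines = @(
    '10/05/2024 12:01:03 0A38 PACKET  000000000A2B1C40 UDP Rcv 10.0.0.21   0001   Q [0001   D   NOERROR] A      (15)kukutrustnet777(4)info(0)',
    '10/05/2024 12:01:04 0A38 PACKET  000000000A2B1C40 UDP Rcv 10.0.0.21   0002   Q [0001   D   NOERROR] A      (7)windows(9)microsoft(3)com(0)',
    '1728129670.123    120 10.0.0.21 TCP_MISS/200 512 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html'
)

function Convert-DnsDebugName {
    # Windows DNS debug logs write names as (len)label(len)label(0); rebuild the dotted form.
    param([string]$Encoded)
    $labels = [regex]::Matches($Encoded, '\((\d+)\)([^(]*)') |
        ForEach-Object { $_.Groups[2].Value } |
        Where-Object { $_ }
    return ($labels -join '.')
}

foreach ($line in $SampleLogLines) {
    $hit = $null
    # DNS debug log: the encoded query name is the last field on the line.
    if ($line -match '\]\s+\w+\s+(\(\d+\)\S+)$') {
        $name = Convert-DnsDebugName $Matches[1]
        if ($Indicators.Contains($name)) { $hit = $name }
    }
    # URL-bearing log (proxy, web server): pull the URL and compare its host.
    elseif ($line -match 'https?://[^\s]+') {
        $h = ([System.Uri]$Matches[0]).Host
        if ($Indicators.Contains($h)) { $hit = $h }
    }
    if ($hit) { Write-Output "MATCH  $hit`t$line" }
}
```

Matching on the host part rather than the full URL is deliberate: the paths in the extracted config (/home.gif, /testo5/) change between Sality builds while the domains are reused, and a DNS log never carries the path at all.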
Targets
- Target: 173b206d1fa2c8dbd20d5a37528cc141_JaffaCakes118 (120KB; MD5 173b206d1fa2c8dbd20d5a37528cc141; SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Modifies firewall policy service
- Disables RegEdit via registry modification (the DisableRegistryTools value under Software\Microsoft\Windows\CurrentVersion\Policies\System)
- Disables Task Manager via registry modification (the DisableTaskMgr value under the same Policies\System key)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes. Windows 7 and later honour autorun.inf only on optical media (older versions need update KB971029 for the same behaviour), so on this win7 image the dropped file is mainly an infection marker; it remains a spreading path to unpatched pre-Windows 7 hosts.
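To confirm or rule out these behaviours on a suspect Windows host, the PowerShell below is an added example, not code from the tria.ge report or from the sandbox: it reads the Policies\System values behind the RegEdit and Task Manager lockout, the FirewallPolicy profile keys, authorised-application list and MpsSvc service state behind the firewall-policy signature, and the root of every file-system volume for a dropped autorun.inf. Get-PolicyTamper, Get-FirewallPolicyTamper and Get-AutorunInf are this example's own function names; the registry paths, value names and the MpsSvc service name are standard Windows locations rather than values taken from the report. It is read-only, needs PowerShell 5 or later, and should be run elevated so the HKLM keys are readable.

```powershell
# Added example (not from the tria.ge report): host-side checks for the
# behaviours the signatures describe. Read-only; run elevated.

function Get-PolicyTamper {
    # Lockout values Sality-style infectors set: DisableRegistryTools (1 or 2) and DisableTaskMgr (1).
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $p = Get-ItemProperty -Path $k
        foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr') {
            if ($null -ne $p.$name -and $p.$name -ne 0) {
                [pscustomobject]@{ Check = 'PolicyTamper'; Location = "$k\$name"; Value = $p.$name }
            }
        }
    }
}

function Get-FirewallPolicyTamper {
    # EnableFirewall=0 in any profile, unexpected AuthorizedApplications entries, or the firewall service not running.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($prof in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $k = Join-Path $base $prof
        if (-not (Test-Path $k)) { continue }
        $v = (Get-ItemProperty -Path $k).EnableFirewall
        if ($v -eq 0) {
            [pscustomobject]@{ Check = 'FirewallPolicy'; Location = "$k\EnableFirewall"; Value = $v }
        }
        # Each entry is "<path>:*:Enabled:<name>"; review any path you do not recognise.
        $list = Join-Path $k 'AuthorizedApplications\List'
        if (Test-Path $list) {
            (Get-ItemProperty -Path $list).PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' } |
                ForEach-Object { [pscustomobject]@{ Check = 'FirewallAllowList'; Location = $list; Value = $_.Value } }
        }
    }
    $svc = Get-Service -Name MpsSvc -ErrorAction SilentlyContinue
    if ($svc -and $svc.Status -ne 'Running') {
        [pscustomobject]@{ Check = 'FirewallService'; Location = 'MpsSvc'; Value = $svc.Status }
    }
}

function Get-AutorunInf {
    # autorun.inf at the root of every volume; it is normally dropped hidden+system, hence -Force.
    Get-PSDrive -PSProvider FileSystem | ForEach-Object {
        $path = Join-Path $_.Root 'autorun.inf'
        if (Test-Path -LiteralPath $path) {
            $f = Get-Item -LiteralPath $path -Force
            $head = Get-Content -LiteralPath $path -TotalCount 5 -ErrorAction SilentlyContinue
            [pscustomobject]@{ Check = 'AutorunInf'; Location = $path; Value = "$($f.Attributes); " + ($head -join ' | ') }
        }
    }
}

$findings = @(Get-PolicyTamper; Get-FirewallPolicyTamper; Get-AutorunInf)
if ($findings.Count -eq 0) { Write-Output 'No findings.' } else { $findings | Format-Table -AutoSize }
```

Two caveats when reading the output: an elevated session's HKCU is the administrator's hive, so check the infected user's hive (load it with reg load or run Get-PolicyTamper as that user) before concluding the lockout is absent; and an empty AuthorizedApplications list is normal on a clean Windows 7 host, so only unrecognised paths there are a finding.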
MITRE ATT&CK Enterprise v15 (the number after each technique is the count of matched signatures)
Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
Defense Evasion
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Impair Defenses (T1562): 4
  - Disable or Modify System Firewall (T1562.004): 1
  - Disable or Modify Tools (T1562.001): 3
- Modify Registry (T1112): 5