General
Target: 38a56c26fbf2d0dd98dc6a75e9be569c_JaffaCakes118
Size: 100KB
Sample: 241012-gb6s7s1bjp
MD5: 38a56c26fbf2d0dd98dc6a75e9be569c
SHA1: 7d8b4c6f53547090db9d359c968f5ff1b4a10976
SHA256: e1bd17f9e7252e9c16d1bc1691228f83e1dd809926e87cfc90ed2646d41e0493
SHA512: de547ab7b23e6e288d21a9123342a8897346605d81616e0cef32c41570ba1972287d559803271377925114448584fa9c0b37669853799eb9ad81d4c9cd1d76b8
SSDEEP: 1536:n9sYgdxXzGk8K0f0yPdjMlNSw/fE2hOYDnvPvSy2fFX+DSTaz3tKOpJN:H2xjF8K0fVQTS8fHhOY7XIEBz3A6
Static task: static1
Behavioral task: behavioral1
Sample: 38a56c26fbf2d0dd98dc6a75e9be569c_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
Target: 38a56c26fbf2d0dd98dc6a75e9be569c_JaffaCakes118

Modifies firewall policy service

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (4)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (3)
  Modify Registry (5)