General
Target: dd82d98befccc27a48912a92af365def_JaffaCakes118
Size: 100KB
Sample: 241210-hm7qbasmgj
MD5: dd82d98befccc27a48912a92af365def
SHA1: 98c5a3f8e54ccd68625dd33228a1212700af49ae
SHA256: f07b9b8e4ccf000c88212c78e71e9cf27fdb01940c7d59f690885d304854602e
SHA512: 6c2c2fa00459aac58ffafbb5e3d7a09a03a2363af83222d5d99d14cad4e265b0b81d841569565b65de41ad76c6f9a6f80ecce3df43e0dafb568ea65d7674227b
SSDEEP: 3072:md0b7+3n9ydCPXLOkO5Y7avFjXzV0fKiioENspc0oL0:a0b7IpPTKvFLZsKiiosHl0
Static task: static1
Behavioral task: behavioral1
Sample: dd82d98befccc27a48912a92af365def_JaffaCakes118.exe
Resource: win7-20240729-en
Malware Config
Extracted: sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
Target: dd82d98befccc27a48912a92af365def_JaffaCakes118
Signatures:
- Modifies firewall policy service
- Sality family
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15 (technique hit counts in parentheses)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (4)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (3)
  Modify Registry (5)