General
- Target: e06c63e4f48acc302feca4a2289c0701_JaffaCakes118
- Size: 100KB
- Sample: 241211-h62neaxmgj
- MD5: e06c63e4f48acc302feca4a2289c0701
- SHA1: 8462f2ef49d982d07fbb40b941f48c0224b44107
- SHA256: 7a3e3c9f6d8092cc95923916e16ca25a56af1e4e4a9d0523952dabdc43d14943
- SHA512: bf198f7fa4d68f209e6a4322dca188cdfbcdc7af1c1894e4523a0a67fe50e87903853dc90e29ed742d32a53a14e9dc814a0bc7508829a7fced5bde467b3a47db
- SSDEEP: 1536:gwYe3MD684pSheJ7Yu/DOMHV4cjM+Wogudr6/ydgVsjKMWW1ypWqhEIBiTEksy:g3yMD6HQeJbucjXWoHEFW78rk
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: e06c63e4f48acc302feca4a2289c0701_JaffaCakes118.exe
- Resource: win7-20241010-en
Malware Config
- Extracted: sality
Targets
Signatures
- Modifies firewall policy service
- Sality family
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Create or Modify System Process (1): Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (4): Disable or Modify System Firewall (1), Disable or Modify Tools (3)
- Modify Registry (5)