General
- Target: e447189b42cb0c7a7f5bbdc0afc8b271_JaffaCakes118
- Size: 100KB
- Sample: 241212-cw6ays1rfj
- MD5: e447189b42cb0c7a7f5bbdc0afc8b271
- SHA1: 98977fafa63859ec4b205d8f9134823e208c0174
- SHA256: c06c44eeee80d67e75a071cecdc9aed0a6eb2b6c2ef1be4f791449ca426d0ce2
- SHA512: 8c6885a8b67b7c8eddc3050cc3234d501c4024c91ceea87502af0239d22ddf461cd9be8850bdd085c6841db5b72f57bc19230ad6f68a2c98e59220f3c41eab2b
- SSDEEP: 3072:scckcLsHqt8wgM37/QjZsVU1Ao+VD8k7ZX:EkceqtRgM39Q+h
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: e447189b42cb0c7a7f5bbdc0afc8b271_JaffaCakes118.exe
  - Resource: win7-20241023-en
Malware Config
Extracted family: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
Signatures
- Modifies firewall policy service
- Sality family
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)