General
Target: JaffaCakes118_089231da55558143f40d2ec81724cf24
Size: 216KB
Sample: 241231-g6zndaskgv
MD5: 089231da55558143f40d2ec81724cf24
SHA1: af04a4734b32ae21324d3553ff293add75fe3a3d
SHA256: 23ca63226d8f856eabec3e58115a7bf7bd6ccaad871192f31a0671a44e25a559
SHA512: be600f64acc22ec7307a20bff105641d243125cf5800db0704409c633b9b2a1f3dab5674b48350156844827dea66c31c728b69fabc74d1003b2a69528b131e07
SSDEEP: 6144:n51plxAAZcR/6TkINLRnJsP/HjCmletH:n5nXC142zCGOH
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_089231da55558143f40d2ec81724cf24.exe
Resource
win7-20240903-en
Malware Config
Extracted
sality
Targets
-
-
Target
JaffaCakes118_089231da55558143f40d2ec81724cf24
-
Modifies firewall policy service
-
Sality family
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (4)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (3)
  Modify Registry (5)