General
- Target: JaffaCakes118_070475aa27447165d497799da377d9c8
- Size: 280KB
- Sample: 241231-gcfneazqby
- MD5: 070475aa27447165d497799da377d9c8
- SHA1: bf166d961a19047113f0046d9ec815ed98cc2b52
- SHA256: dd563a866cfd0e7cb6400a0e4d5ab964c65029decad03dcfe75b8282be09f09f
- SHA512: 75d41b47c38b63cec9cd8319cc6abe32209eb9efa0a1791e704cbe2a39f683c5bd1fb9791b81cc8804e433ed0fac83106be39204a66fce17a657b3ad7cdfdfbf
- SSDEEP: 6144:vY+wP3nJ9l/uNRjhR7d+4e1L/U7wrHZdqxHvAm:slm/jhddI1LsgOhvN
Static task: static1
Behavioral task: behavioral1
- Sample: JaffaCakes118_070475aa27447165d497799da377d9c8.exe
- Resource: win7-20240903-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
- Target: JaffaCakes118_070475aa27447165d497799da377d9c8
Signatures
- Modifies firewall policy service
- Sality family
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Persistence
- Boot or Logon Autostart Execution (1)
  - Active Setup (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Active Setup (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (7)