General
Target: JaffaCakes118_491348b3e77b5a843c5c3da87d929d70
Size: 257KB
Sample: 250101-gank8synbl
MD5: 491348b3e77b5a843c5c3da87d929d70
SHA1: 616779fb8c9111394f09c10e83a2c5d1bc02d57e
SHA256: a11057ae9f8b06498867b033f8333d89d8f935bbddf270bcec581ec3a2ac8d23
SHA512: e9964f78a793eac233df89ec409b7a7d1c38691a3d6b529551f059a4df6a818f71e49c5f15dc56db1eddc4f6ae586f7aa696e6f065e86a3809d56f458ed43f00
SSDEEP: 6144:LzEMZZLUjD5qIMhc9fNONGFmGU5DOmFmt:LzTZZUjD5q5c9VOcFmGU5DOmFmt
Static task: static1
Behavioral tasks:
- behavioral1: sample JaffaCakes118_491348b3e77b5a843c5c3da87d929d70.exe, resource win7-20241010-en
- behavioral2: sample JaffaCakes118_491348b3e77b5a843c5c3da87d929d70.exe, resource win10v2004-20241007-en
- behavioral3: sample $PLUGINSDIR/System.dll, resource win7-20241010-en
- behavioral4: sample $PLUGINSDIR/System.dll, resource win10v2004-20241007-en
Malware Config
Extracted family: sality
URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
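The extracted configuration above is only useful once it is split into indicators that different controls can consume (an IP for a firewall, domains for DNS blocking, paths for a proxy or URL filter). The following is an added example, not part of the tria.ge report or of the sandbox's own tooling: the six URLs are copied verbatim from the Malware Config section, while the function names, the snapshot of host types and the RPZ output format are this example's own choices. Hosts in a Sality config may be long dead; blocking them is still worthwhile because a live infection keeps trying them.

```python
"""Turn the Sality configuration extracted above into blockable indicators.

Added example (not part of the tria.ge report or the sandbox's own tooling).
The six URLs are copied from the Malware Config section; everything else
(function names, output formats) is this example's own choice.
"""
import ipaddress
from urllib.parse import urlsplit

# URLs copied verbatim from the report's Malware Config section.
SALITY_CONFIG_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]


def classify_host(host: str) -> str:
    """Return 'ip' for a literal IPv4/IPv6 address, 'domain' otherwise."""
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        return "domain"


def extract_indicators(urls):
    """Split each URL into host and path and group the pieces by indicator type.

    Returns a dict with sorted, de-duplicated lists of IPs, domains and URL
    paths plus the full URL list, so each can be fed to a different control
    (firewall, DNS RPZ, proxy/URL filter).
    """
    ips, domains, paths = set(), set(), set()
    for url in urls:
        parts = urlsplit(url)
        host = parts.hostname
        if host is None:
            continue  # not a URL, nothing to extract
        if classify_host(host) == "ip":
            ips.add(host)
        else:
            domains.add(host.lower())
        if parts.path and parts.path != "/":
            paths.add(parts.path)
    return {
        "ips": sorted(ips),
        "domains": sorted(domains),
        "paths": sorted(paths),
        "urls": sorted(set(urls)),
    }


def registrable_domains(domains):
    """Collapse hostnames to their last two labels (www.x.info -> x.info).

    Sufficient for the .info domains in this config; a public-suffix list
    would be needed for multi-label TLDs such as co.uk.
    """
    return sorted({".".join(d.split(".")[-2:]) for d in domains})


def render_rpz(domains, action="CNAME ."):
    """Emit DNS RPZ records that NXDOMAIN each domain and all its subdomains."""
    lines = []
    for d in registrable_domains(domains):
        lines.append(f"{d} {action}")
        lines.append(f"*.{d} {action}")
    return lines


if __name__ == "__main__":
    iocs = extract_indicators(SALITY_CONFIG_URLS)
    print("IPs:    ", iocs["ips"])
    print("Domains:", iocs["domains"])
    print("Paths:  ", iocs["paths"])
    print("\n".join(render_rpz(iocs["domains"])))
```

Run it as a script to print the indicator groups and an RPZ snippet. The path list (`/home.gif`, `/testo5/`) is deliberately kept separate from the hosts: on its own `/home.gif` is far too generic to block, but combined with one of these hosts in proxy logs it is a strong retro-hunt pivot.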
Targets
Target: JaffaCakes118_491348b3e77b5a843c5c3da87d929d70
Size: 257KB
MD5: 491348b3e77b5a843c5c3da87d929d70
SHA1: 616779fb8c9111394f09c10e83a2c5d1bc02d57e
SHA256: a11057ae9f8b06498867b033f8333d89d8f935bbddf270bcec581ec3a2ac8d23
SHA512: e9964f78a793eac233df89ec409b7a7d1c38691a3d6b529551f059a4df6a818f71e49c5f15dc56db1eddc4f6ae586f7aa696e6f065e86a3809d56f458ed43f00
SSDEEP: 6144:LzEMZZLUjD5qIMhc9fNONGFmGU5DOmFmt:LzTZZUjD5q5c9VOcFmGU5DOmFmt
Signatures:
- Modifies firewall policy service
- Sality family
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
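Three of the signatures above (RegEdit disabled, Task Manager disabled, firewall policy modified) leave durable registry state on an infected host, which makes them cheap to confirm on a live machine during incident response. The following is an added example, not tria.ge's detection logic and not the sandbox's code. The value names are the standard Windows policy and firewall-policy values (`DisableRegistryTools`, `DisableTaskMgr`, `EnableFirewall`), the key paths are the usual locations for those values, and the snapshot format, function names and the two sample snapshots are this example's own and are constructed, not taken from the sandbox run.

```python
"""Confirm the registry-visible signatures from this report on a host.

Added example; not tria.ge's detection logic. Value names and key paths are
the standard Windows policy/firewall-policy locations; the snapshot layout,
function names and sample snapshots below are this example's own.
"""
import sys

POLICY_SYSTEM = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"
FW_STD = (r"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
          r"\FirewallPolicy\StandardProfile")

# (signature name from the report, hive, subkey, value name, predicate on data).
# Disable-flags count as set when present and non-zero (regedit treats 1 and
# 2 as disabled); EnableFirewall counts only when explicitly 0.
CHECKS = [
    ("Disables RegEdit via registry modification", "HKCU", POLICY_SYSTEM,
     "DisableRegistryTools", lambda v: v not in (None, 0)),
    ("Disables Task Manager via registry modification", "HKCU", POLICY_SYSTEM,
     "DisableTaskMgr", lambda v: v not in (None, 0)),
    ("Modifies firewall policy service", "HKLM", FW_STD,
     "EnableFirewall", lambda v: v == 0),
]


def evaluate(snapshot):
    """Return the names of CHECKS that match a snapshot.

    snapshot maps (hive, subkey) -> {value_name: data}; a missing key or
    value is treated as 'absent' (data None) rather than as a hit.
    """
    hits = []
    for name, hive, subkey, value, pred in CHECKS:
        data = snapshot.get((hive, subkey), {}).get(value)
        if pred(data):
            hits.append(name)
    return hits


def read_live_snapshot():
    """Read the same keys from the local registry (Windows only).

    HKCU is the hive of the user running this script, so run it as the
    user whose profile was active during the infection.
    """
    import winreg  # stdlib, Windows only
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    snap = {}
    for _name, hive, subkey, value, _pred in CHECKS:
        try:
            with winreg.OpenKey(hives[hive], subkey) as key:
                data, _type = winreg.QueryValueEx(key, value)
        except OSError:
            continue  # key or value absent: nothing to record
        snap.setdefault((hive, subkey), {})[value] = data
    return snap


# Constructed snapshots (not from the sandbox run): a default install where
# none of the policy values exist, and a host showing all three changes.
CLEAN_SNAPSHOT = {
    ("HKLM", FW_STD): {"EnableFirewall": 1},
}
SUSPECT_SNAPSHOT = {
    ("HKCU", POLICY_SYSTEM): {"DisableRegistryTools": 1, "DisableTaskMgr": 1},
    ("HKLM", FW_STD): {"EnableFirewall": 0},
}


if __name__ == "__main__":
    if sys.platform == "win32":
        snap = read_live_snapshot()
    else:
        snap = SUSPECT_SNAPSHOT  # demo input off-Windows
    hits = evaluate(snap)
    print("matched signatures:", hits or "none")
```

Two caveats when using this for triage: a hit on `DisableRegistryTools` or `DisableTaskMgr` is also produced by legitimate Group Policy, so compare against the policy baseline for that machine; and an absent value is reported as no hit, so a host that was already cleaned shows nothing here even if the "Loads dropped DLL" and Sality file-infector behaviour remain to be checked separately.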
Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: 959ea64598b9a3e494c00e8fa793be7e
SHA1: 40f284a3b92c2f04b1038def79579d4b3d066ee0
SHA256: 03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
SHA512: 5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
SSDEEP: 192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe
Score: 3/10
MITRE ATT&CK Enterprise v15
(number in parentheses is the count of matching signatures)
Privilege Escalation
- Abuse Elevation Control Mechanism, T1548 (1)
  - Bypass User Account Control, T1548.002 (1)
- Create or Modify System Process, T1543 (1)
  - Windows Service, T1543.003 (1)
Defense Evasion
- Abuse Elevation Control Mechanism, T1548 (1)
  - Bypass User Account Control, T1548.002 (1)
- Impair Defenses, T1562 (4)
  - Disable or Modify System Firewall, T1562.004 (1)
  - Disable or Modify Tools, T1562.001 (3)
- Modify Registry, T1112 (5)