Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...70.exe

windows7-x64

10

JaffaCakes...70.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_491348b3e77b5a843c5c3da87d929d70

  • Size

    257KB

  • Sample

    250101-gank8synbl

  • MD5

    491348b3e77b5a843c5c3da87d929d70

  • SHA1

    616779fb8c9111394f09c10e83a2c5d1bc02d57e

  • SHA256

    a11057ae9f8b06498867b033f8333d89d8f935bbddf270bcec581ec3a2ac8d23

  • SHA512

    e9964f78a793eac233df89ec409b7a7d1c38691a3d6b529551f059a4df6a818f71e49c5f15dc56db1eddc4f6ae586f7aa696e6f065e86a3809d56f458ed43f00

  • SSDEEP

    6144:LzEMZZLUjD5qIMhc9fNONGFmGU5DOmFmt:LzTZZUjD5q5c9VOcFmGU5DOmFmt

Score
10/10
salitybackdoordiscoveryevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      JaffaCakes118_491348b3e77b5a843c5c3da87d929d70

    • Size

      257KB

    • MD5

      491348b3e77b5a843c5c3da87d929d70

    • SHA1

      616779fb8c9111394f09c10e83a2c5d1bc02d57e

    • SHA256

      a11057ae9f8b06498867b033f8333d89d8f935bbddf270bcec581ec3a2ac8d23

    • SHA512

      e9964f78a793eac233df89ec409b7a7d1c38691a3d6b529551f059a4df6a818f71e49c5f15dc56db1eddc4f6ae586f7aa696e6f065e86a3809d56f458ed43f00

    • SSDEEP

      6144:LzEMZZLUjD5qIMhc9fNONGFmGU5DOmFmt:LzTZZUjD5q5c9VOcFmGU5DOmFmt

    Score
    10/10
    salitybackdoordiscoveryevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • Sality family

      sality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      959ea64598b9a3e494c00e8fa793be7e

    • SHA1

      40f284a3b92c2f04b1038def79579d4b3d066ee0

    • SHA256

      03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

    • SHA512

      5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

    • SSDEEP

      192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks