Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 03/07/2024, 23:58
Static task: static1
Behavioral task: behavioral1
  Sample: 23eda24c7947376072bebbc1a6dd1508_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 23eda24c7947376072bebbc1a6dd1508_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
General
Target: 23eda24c7947376072bebbc1a6dd1508_JaffaCakes118.exe
Size: 72KB
MD5: 23eda24c7947376072bebbc1a6dd1508
SHA1: 71356343943b00484826740ba17cc8abcd20987d
SHA256: 7242ab73df468b68ed3bce28741d8a6156bfd7c990212f02b4afb7e4e1c19f53
SHA512: 9c8900dd74b3287647cb5d1f0d1e93e024983674b25cce2a5afa9f56c89f34804164fb273accdc9691c3f182e6bad37aabb9f659eb6129bf56378c4a00212443
SSDEEP: 768:1JgJ9aM4sDYT24w3/DSa+bb/YnpwsEkGx91LE/ea+TT24w3/DHDVM4O9fl:ra4wYBwPD2ywht91LE8BwPDjO4y
Malware Config
Signatures
Modifies registry class (44 IoCs: keys created and string values set under \REGISTRY\MACHINE\SOFTWARE\Classes by the sample process)
Suspicious use of SetWindowsHookEx (1 IoC)
pid 2484, process 23eda24c7947376072bebbc1a6dd1508_JaffaCakes118.exe