Analysis
max time kernel: 135s
max time network: 123s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/07/2024, 01:59
Static task: static1
Behavioral task: behavioral1
  Sample: 5a04f3d7645b10d94c9deaad2be42219_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 5a04f3d7645b10d94c9deaad2be42219_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
Target: 5a04f3d7645b10d94c9deaad2be42219_JaffaCakes118.exe
Size: 48KB
MD5: 5a04f3d7645b10d94c9deaad2be42219
SHA1: c5c4615cf50b6b92734f582468067bcb5e3ce0fe
SHA256: 70152b0b91f66abc113463734c16faeec185fab5d630b27fd7213c40b58ba494
SHA512: ef7c493bfd31ba271f0bb629c9f70a0a31f4bf787dd7837e97a20a1cf523b4274a2c9854f09cf11bfffb1edf000228bd2e95ddf83d9f5af26cf1b9da909b9328
SSDEEP: 768:LuOuQd+QL/xfzHbEbsfgfgfgf11s3I1s3+1s3oRsjhguyR+BKEJeVIBy/OyE+:L39+Qtd3xjtgu11JeVX9
Malware Config
Signatures

Modifies firewall policy service (3 TTPs, 4 IoCs)
Process: 5a04f3d7645b10d94c9deaad2be42219_JaffaCakes118.exe
  Key created: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  Key created: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
  Key created: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications
  Set value (str): \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\usrinit.exe = "C:\\WINDOWS\\usrinit.exe"

Drops file in System32 directory (1 IoCs)
Process: 5a04f3d7645b10d94c9deaad2be42219_JaffaCakes118.exe
  File opened for modification: C:\Windows\SysWOW64\MSWINSCK.OCX

Suspicious use of SetWindowsHookEx (1 IoCs)
  pid 4212: 5a04f3d7645b10d94c9deaad2be42219_JaffaCakes118.exe