Analysis
max time kernel: 118s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 28/03/2024, 09:06
Behavioral task
behavioral1
Sample
01de522c0633013467a42838fd0cb218_JaffaCakes118.pdf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
01de522c0633013467a42838fd0cb218_JaffaCakes118.pdf
Resource
win10v2004-20240226-en
General
Target: 01de522c0633013467a42838fd0cb218_JaffaCakes118.pdf
Size: 81KB
MD5: 01de522c0633013467a42838fd0cb218
SHA1: 20ca611308466a3d3d42f7d84f8df5d9edcbd823
SHA256: 6286be0f114e1a2e7992b724f4bf10c2c01f784c201412116ab1ff8012b17cd4
SHA512: 7f74ecd93b640cac34f12862ad7e8cedfead2167607583545bb4bcdf9500f2e73a70caf5e7be535122c7af453e280cc142478ca96af31b5d8b9de2a914f63e4b
SSDEEP: 1536:ESY89WKmCm4ZfqNyiVYYXb+LGf4R5TeT+NEWGpOKCWy6Ksvt40tE+aKEaFOK:S899mCbcyiykf4vTeT+zKqsvLtE+6aF
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid 1092, process AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid 1092, process AcroRd32.exe
pid 1092, process AcroRd32.exe
pid 1092, process AcroRd32.exe
Processes
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\01de522c0633013467a42838fd0cb218_JaffaCakes118.pdf"
PID: 1092
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: 2657845f0416bacd4085b8343b638843
SHA1: 712583dfd510027cbc8f4aadeb4120c0f13adda1
SHA256: db7127a3587c08bc2ad38c4419fd6713f4781afa340494565cc8a2c7ef3eacf5
SHA512: abf9ace1db4f6d399ee4fcfcc536b4a73b7d50a9e6eb85bd10bc277d0f9bd1241049a6ae955c5dffcd0f4e86614fa54bb2a8921c83d2b9340bbaafda3126a3ca