Analysis
-
max time kernel
117s
-
max time network
121s
-
platform
windows7_x64
-
resource
win7-20240221-en
-
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
-
submitted
28/03/2024, 13:06
Behavioral task
behavioral1
Sample
0648758d6b11720b2ee736bf9e8666bd_JaffaCakes118.pdf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0648758d6b11720b2ee736bf9e8666bd_JaffaCakes118.pdf
Resource
win10v2004-20240319-en
General
-
Target
0648758d6b11720b2ee736bf9e8666bd_JaffaCakes118.pdf
-
Size
94KB
-
MD5
0648758d6b11720b2ee736bf9e8666bd
-
SHA1
0cd643d33cb9b07f8bc6edce7d2e09a49731f21e
-
SHA256
2a9fff4b6c941635375ed32ce3830927e0ebeffa0f0ae3356517028437b549af
-
SHA512
c58775308fcd7263e4699537774f07147b085c06e6caeafd074d7a90125b5642f71ce8f318bbcdb953c62bae7e0fc45e847817b136915a66c4e7e179dc30b8c9
-
SSDEEP
1536:i8HAFD6gnmYV2toVazkmM5NcpazvkYXtNicl16raF0KueU84rVXpBAWOpOwrKWZg:jAFXVKkmocKvxXtN9bYebc5BdwrTDDeD
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process
3012 AcroRd32.exe
-
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process
3012 AcroRd32.exe
3012 AcroRd32.exe
3012 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\0648758d6b11720b2ee736bf9e8666bd_JaffaCakes118.pdf"
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3012
Downloads
-
Filesize
3KB
MD5
0847b753f7b8ea8f5218fd2f4f1e59ba
SHA1
573a3c676f89585c4680011da845e9f946856ab2
SHA256
40007479edd45d6af9c845b374748e9b0c3349abc37c774353e37ef6fb7263e6
SHA512
9da8b9ca8f684f291286dfd6d5fa1ce6f8cda292dd24927a60bd5bcc0cb1294c67ece9aa678a4eefe6f153df83968f3f109b39fde496c2ce54431a1d8a190bd9