Analysis
- max time kernel: 117s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240319-en
- resource tags: arch:x64, arch:x86, image:win7-20240319-en, locale:en-us, os:windows7-x64, system
- submitted: 28/03/2024, 18:53
Behavioral task behavioral1
- Sample: 0d66ae5c2a500ca4f9c6c1f098cf0d58_JaffaCakes118.pdf
- Resource: win7-20240319-en
Behavioral task behavioral2
- Sample: 0d66ae5c2a500ca4f9c6c1f098cf0d58_JaffaCakes118.pdf
- Resource: win10v2004-20240226-en
General
- Target: 0d66ae5c2a500ca4f9c6c1f098cf0d58_JaffaCakes118.pdf
- Size: 85KB
- MD5: 0d66ae5c2a500ca4f9c6c1f098cf0d58
- SHA1: 07539d199a20f4c1ecf256eb973f88a1fa794068
- SHA256: 455b752c98962bc15552ef2cf997f765ecaeb83e9b008bb3e30f02f246e19823
- SHA512: 8acfc09392054638455ef3011bc4e454deb4e3c074d38d974814c2589a6c20e4927f701182c95526830cba3fbf82a94912bbda31d89b8f5af4c0ddc8d8c75e45
- SSDEEP: 1536:y9wZj9XekdKWOuToqNpl36/I4Y1Y0asGJ1UEzVy6cUP3WXvckABiu0mTo+v0LnWR:2wZj9XXdrTHm/zY1Y0T41DzVy6Zczu0g
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 2968, process AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid 2968, process AcroRd32.exe (reported three times for the same process)
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (PID 2968)
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\0d66ae5c2a500ca4f9c6c1f098cf0d58_JaffaCakes118.pdf"
  Signatures: Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
  MD5: 396cbf8ed96e260282c2d1e2c2fb0b66
  SHA1: baaed2ecf59fbe7e67ca9a0f7fa8e2c62490892b
  SHA256: b42d936de80317e5048f05ff4eb57b93bc643873942c5dc23afc59deb7cfd97b
  SHA512: a8dfd73c85d9d624a95091ea720edddeee4fc6bc9dbac080d80efff9643088b231d9d614313d84419094028f40be86bd8b2041b9d47e5de447db8cd3f2dc3825
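The sandbox run above produced only two generic Adobe Reader UI signatures, no network traffic and no extracted configuration, so on its own it says little about whether the PDF is malicious. A quick static pass for the PDF objects that usually carry exploits or droppers (/JavaScript, /OpenAction, /AA, /Launch and friends) is the natural complement, together with a check that the local file really is the one the sandbox analysed. The script below is an added example and is not part of the tria.ge report or its tooling; it follows the pdfid-style approach of counting risky names in the raw bytes after decoding #xx hex-escaped names, which obfuscated maldocs use to hide /JavaScript. The SAMPLE bytes are constructed for the demonstration; the only values taken from the report are the published hashes.

```python
"""Static PDF triage to complement a sandbox report (added example)."""
import hashlib
import re

# PDF names that deserve a closer look when they appear in a document.
RISKY_NAMES = (
    "/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/URI",
    "/EmbeddedFile", "/RichMedia", "/ObjStm", "/XFA", "/AcroForm",
)
# Names that cause code or actions to run without user interaction.
AUTO_EXECUTE = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch")

# Digests published in the report; used to confirm we hold the same file.
REPORT_HASHES = {
    "md5": "0d66ae5c2a500ca4f9c6c1f098cf0d58",
    "sha1": "07539d199a20f4c1ecf256eb973f88a1fa794068",
    "sha256": "455b752c98962bc15552ef2cf997f765ecaeb83e9b008bb3e30f02f246e19823",
}

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalise_names(data: bytes) -> bytes:
    """Decode PDF name hex escapes so /J#61vaScript becomes /JavaScript.

    Rewriting the whole byte string is a deliberate shortcut: '#xx' inside
    streams is decoded too, which is harmless for counting purposes."""
    return _HEX_ESCAPE.sub(lambda m: bytes.fromhex(m.group(1).decode()), data)


def count_names(data: bytes) -> dict:
    """Count each risky name, matching whole names only so that /JS does
    not also match every /JSX-style name and /AA does not match /AAx."""
    text = normalise_names(data)
    counts = {}
    for name in RISKY_NAMES:
        # A PDF name ends at whitespace or a delimiter; require that boundary.
        pattern = re.escape(name.encode()) + rb"(?![A-Za-z0-9_.-])"
        counts[name] = len(re.findall(pattern, text))
    return counts


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of the bytes, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every published digest matches; MD5 alone is not enough
    to be sure the local file is the one the sandbox analysed."""
    got = hashes(data)
    return all(got[alg] == digest for alg, digest in expected.items())


def triage(data: bytes) -> dict:
    """Summarise a PDF: header check, risky-name counts, auto-execute flags."""
    counts = count_names(data)
    flagged = [name for name in AUTO_EXECUTE if counts[name]]
    return {
        "is_pdf": data.startswith(b"%PDF-"),
        "size": len(data),
        "counts": counts,
        "auto_execute": bool(flagged),
        "flagged": flagged,
        "sha256": hashes(data)["sha256"],
    }


# Constructed sample (not the real file): a minimal PDF whose catalog runs
# JavaScript on open, with the action name hex-escaped for obfuscation.
SAMPLE = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /S /J#61vaScript /JS (app.alert('hi')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    result = triage(data)
    print(f"sha256={result['sha256']} matches_report={matches_report(data)}")
    for name, n in result["counts"].items():
        if n:
            print(f"{name:14s} {n}")
    print("auto-execute content:", result["flagged"] or "none")
```

Run it with the sample path as the only argument; with no argument it triages the constructed SAMPLE, which reports /JavaScript, /JS and /OpenAction and, as expected, does not match the report hashes. A zero count across the auto-execute names does not clear a PDF (the content may sit in a compressed object stream, which this byte-level scan does not inflate), but a non-zero count on a document that the sandbox opened without incident is a strong hint that the Reader version or the sandbox run simply did not trigger it.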