Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
29/03/2024, 08:08
Behavioral task
behavioral1
Sample
1d055954b5bb9cb01b2b7516a67c2522_JaffaCakes118.pdf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1d055954b5bb9cb01b2b7516a67c2522_JaffaCakes118.pdf
Resource
win10v2004-20231215-en
General
-
Target
1d055954b5bb9cb01b2b7516a67c2522_JaffaCakes118.pdf
-
Size
72KB
-
MD5
1d055954b5bb9cb01b2b7516a67c2522
-
SHA1
18158da110522e2e04361c74f6bcc43c7435a86b
-
SHA256
1817df0d87b2d9d1208890ac81bd9249a5127f79f34fcddbcb436a81499df479
-
SHA512
78de2914063f0a0936c19dda364645eba09c41cc2eff641ee3b0d85a3bcb6bafd48537f222aacc1a9e1c2c2c99179b936d795f496038fe25984bffaeccf090e9
-
SSDEEP
1536:ykW6hXn55roKgZVjvaCC5+bcQLplHnoWWmiWUpO7qWCyzkLa:Tj5BOjvvC5+bcQL75Wmd7Hzz
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1724 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 1724 AcroRd32.exe 1724 AcroRd32.exe 1724 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1d055954b5bb9cb01b2b7516a67c2522_JaffaCakes118.pdf"
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1724
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
3KB
MD5 608dd61711a0bad30c82c10d308b4144
SHA1 885de43dc59054108d67e6492549f88af31e5d4c
SHA256 ec752ea2bd3d3f4dacb76cd4b5bb9cb247b1f38de537b0fcfcb9d80ed63b1b86
SHA512 c6a01471f9ffa7d7e0b08fad8c933682b34e2b582be40ab26a29ac34ebd625e31f894dfa772c617bf4379970ad4af3f7e938baa6ca12299c7840df4e01b9aed1