Analysis
- max time kernel: 117s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 29/03/2024, 07:56
Behavioral task: behavioral1
- Sample: 1cc7d3ed871b4b9e2e6880d51c4df747_JaffaCakes118.pdf
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 1cc7d3ed871b4b9e2e6880d51c4df747_JaffaCakes118.pdf
- Resource: win10v2004-20240226-en
General
- Target: 1cc7d3ed871b4b9e2e6880d51c4df747_JaffaCakes118.pdf
- Size: 83KB
- MD5: 1cc7d3ed871b4b9e2e6880d51c4df747
- SHA1: dfb21a9a8a9179656585e938dab3c124b328bcf6
- SHA256: d69780b179230d2a02e8a674e5ab274afa2d28ca194cfc1971d4aae540b7eedf
- SHA512: c84c042c7e3ac99f31c8cfa61d17530cc54cac43f2163dc119c9c1ddebbba44890ca55ac418560d831a000a43b4d7333204a65b09fd876e9bf8a566bf750082f
- SSDEEP: 1536:U3qXcsjkNoRAx9tBiVfM5jdOy6AXQoGfmt5OiimTOWHCbaOLJwqO9d8WXpO/7v80:3Mmk22Nak1XQoGfmtSmTYbXLJw3E/T
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid   Process
  1460  AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid   Process
  1460  AcroRd32.exe
  1460  AcroRd32.exe
  1460  AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1cc7d3ed871b4b9e2e6880d51c4df747_JaffaCakes118.pdf"
  PID: 1460
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
  MD5: ead2054e3e3d4f2af050bde085a25d92
  SHA1: c9fcc77b8be1d1a40ab1a89b34e6ada80306307e
  SHA256: d4429eed8cc8e8e97a20d4be13f7429412a2b8088268737002f88288dbb29801
  SHA512: bbc7ab828d9993f9fbb77c72b796beb0d3839988fc27dde95626bb94a2007761d1b1eb58a1f0f9256509eb222a2b288d248e8c96e29424c6e6acac9f1487723a