Analysis
- max time kernel: 121s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240215-en
- resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
- submitted: 29/03/2024, 10:10
Behavioral task behavioral1
- Sample: 1f45ebfe890e32b4ccc208791d4f2b7b_JaffaCakes118.pdf
- Resource: win7-20240215-en
Behavioral task behavioral2
- Sample: 1f45ebfe890e32b4ccc208791d4f2b7b_JaffaCakes118.pdf
- Resource: win10v2004-20240226-en
General
- Target: 1f45ebfe890e32b4ccc208791d4f2b7b_JaffaCakes118.pdf
- Size: 84KB
- MD5: 1f45ebfe890e32b4ccc208791d4f2b7b
- SHA1: 956b26c8602797a4c47ac03c321a633473066510
- SHA256: fb15a441f7f9334827c831911667f750566be68d3aaffc7dfde4f591dafb143a
- SHA512: 02b80f6af9a4cbeb0997712c310a24dd6fc0bcd64e4536751ab7f1a4a4b6eb8c7bb48dc799d7b525c50020a56c2bc0f20aa3a96f22d7f50da2a3064c2aa3a45a
- SSDEEP: 1536:GbROfKWH+T1C1bmxuDk3UeGb8VcfvZT7lcHoZI+eBFU0qmWapOtQHWloogP4QRab:uOfnSQiJE3bGsTZBZNeBF3q7tQ7JP4QU
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 2404, process AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid 2404, process AcroRd32.exe (three occurrences)
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1f45ebfe890e32b4ccc208791d4f2b7b_JaffaCakes118.pdf"
  PID: 2404
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
  MD5: 64398747730d141a17a610bd4d2c3394
  SHA1: e49344b65733f565a7f37721e9797f8343a96073
  SHA256: 3f77687784164efa8b01d81d13891b692e0579da74e7734fe2c35c6e1e36840e
  SHA512: f243da9e343818270c625a1f3ad553ff0154f682df4b32edee98077aa88bdb30a2cfeb5cdfc93449c528fe731a9cf5b8578dcc7655ca6527823d0e5d3d06ecfc