Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
29/03/2024, 18:36
Behavioral task
behavioral1
Sample
29b03a9a003603443d2f68acf0368b7a_JaffaCakes118.pdf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
29b03a9a003603443d2f68acf0368b7a_JaffaCakes118.pdf
Resource
win10v2004-20240226-en
General
-
Target
29b03a9a003603443d2f68acf0368b7a_JaffaCakes118.pdf
-
Size
135KB
-
MD5
29b03a9a003603443d2f68acf0368b7a
-
SHA1
68d61ce1f0198f5a40117ebb179208a395c69569
-
SHA256
2b92b69deb9336b1dae2dfe2931bc91f6c8b9c45e5feee87b1b028fde475be15
-
SHA512
fc955f3410bd031e7f408691a7959be9cc9a9e5fc1b0616cf982d3cb6d5c3c54e549927ee20fe6e3af5bbcdc0596703cbc97c8c3ab3746fbc7e76c24abc3bc54
-
SSDEEP
3072:EjZCkhY9T/JPXPdE9GxuVa7n0MOd4RI65nKOecA87:EjZCAY9TFPdEwuY/7KKp
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2856 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2856 AcroRd32.exe 2856 AcroRd32.exe 2856 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\29b03a9a003603443d2f68acf0368b7a_JaffaCakes118.pdf"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2856
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD503b3478c5b3141bde1f1ef0cc0ec8635
SHA17b83f18bdaf2a4f3074f76be70e8e323088e4b31
SHA256cb67b71942c7082c5ef64ab5975eb7633d0d5088b310329218f49e268544f5d0
SHA51246be6ec96c3289ef6ceb5e581abe03aaeb9f48d3a11f30cdaf2b401b31196549ddb1b96687bc8bc5e8d8e70a654fcb7a667a5b10522d81d30384340300395de0