Analysis
max time kernel: 122s
max time network: 129s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 29/03/2024, 18:05
Behavioral task: behavioral1
Sample: 291019edd9cd64190ed9cc6aa4a0d216_JaffaCakes118.pdf
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 291019edd9cd64190ed9cc6aa4a0d216_JaffaCakes118.pdf
Resource: win10v2004-20240226-en
General
Target: 291019edd9cd64190ed9cc6aa4a0d216_JaffaCakes118.pdf
Size: 86KB
MD5: 291019edd9cd64190ed9cc6aa4a0d216
SHA1: aa57f8dc7ce2829731bfdb4522513252307c0200
SHA256: 4d9a28a1034341b4224b504fc59d5fc86cc5f2af3d712baed8bbe2efc217797d
SHA512: a3ccc53ce2ffd6141215f3b70aa77d0e196b5e9872acc3fa1b27d5986c60611cb6022825d1fd3044d297e237ebabcf363d2437004ebc78ded33ba2b8e8b611e6
SSDEEP: 1536:DKiL6y7AhhiCzpppiF3GxDxqh+QfyLJaF24nqup+MmW3lX1yp5+rHrYiZVWUpO7r:TO6mhiCXEF3GPqhBFvnt1yrmLYiZ474y
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid: 848, Process: AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid: 848, Process: AcroRd32.exe
pid: 848, Process: AcroRd32.exe
pid: 848, Process: AcroRd32.exe
Processes
Image: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\291019edd9cd64190ed9cc6aa4a0d216_JaffaCakes118.pdf"
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 848
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: 5e8b5a57225b647583118d4bb0f24135
SHA1: abc8d4b14c5b4e89f2f1a573929b980a2608da37
SHA256: 1c7ac3407ea8490e0cd9d944adea6ce3796f8bd50e3efd73e0aa37d68085a56e
SHA512: ed50b3bf89a7457f8e26f3ec132ce4f57d10eb2dad7048c44ccaeb86027f4966c6362f46d71c730315ee488a0d3debf1095aa1120522b27187f25d8cc01a4b1a