Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system -
submitted
04/04/2024, 22:51
Behavioral task
behavioral1
Sample
c3e28f1cdbef776df08d34d807fca2a8_JaffaCakes118.pdf
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
c3e28f1cdbef776df08d34d807fca2a8_JaffaCakes118.pdf
Resource
win10v2004-20240226-en
General
-
Target
c3e28f1cdbef776df08d34d807fca2a8_JaffaCakes118.pdf
-
Size
86KB
-
MD5
c3e28f1cdbef776df08d34d807fca2a8
-
SHA1
8d485b299a5eab2de1ad0ba7216f37fc45bd389a
-
SHA256
9c4c46d83dea0152cb9e84a2015b946c931c44f23c678cdd086b5182f75caee3
-
SHA512
fef9534796afdd2899087db233be24396ab118b5733f6041de9cbe7c662116ba2d75b74fea1136d943ff007711381a1ac1f316d1da19597e77ed8d30a5cdeeb2
-
SSDEEP
1536:KxJz2S4XSXIWwBbhqwwOKd/W4/u/Y5Q6z0RFHWKQp3KBJ6Pz9WUpO7CbgYne:wxiSXuowwZh5/uKQm0c3KOPzg77D
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process
1844 AcroRd32.exe
-
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process
1844 AcroRd32.exe
1844 AcroRd32.exe
1844 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\c3e28f1cdbef776df08d34d807fca2a8_JaffaCakes118.pdf"
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1844
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
3KB
MD5
dc45f959ebe3e8181d1e0a674586aca7
SHA1
880475a6601474732e8730e0c49318a23167de6c
SHA256
f3290e8ae54258370775ae5cef6a26197a0df594d14bd8b46d0a7b4260f9df04
SHA512
1f92bc4d7d0767e80c1a8302bda0ddbe74f0c9e1c5afefab90199501e79e6a22ba4245da1c9ed0367066632a3d05dd332224322d631bea70547d45cc579698e2