Analysis
max time kernel: 117s
max time network: 121s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 05/04/2024, 10:37
Behavioral task: behavioral1
Sample: d15c29b1e5e5a3b6cdaab8c19338fc79_JaffaCakes118.pdf
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: d15c29b1e5e5a3b6cdaab8c19338fc79_JaffaCakes118.pdf
Resource: win10v2004-20240226-en
General
Target: d15c29b1e5e5a3b6cdaab8c19338fc79_JaffaCakes118.pdf
Size: 74KB
MD5: d15c29b1e5e5a3b6cdaab8c19338fc79
SHA1: e04d524375d429a5034545c6fe1b84481dc97ed1
SHA256: aa3a9871b89bb882c83b92405cdd9fc8d3ea3ba604f0cda79eb3cb6a530373f9
SHA512: c3a1614304e680be67de699c361eb1c03e135c0a76ccfbc155d2393ce93ac9c8706a3503ed1f269a1ad15e9f67a41e86fadc1c103525c4cb502480ed07e2a5cb
SSDEEP: 1536:nETULPp3BqjPsnQl4Y3Np8HZQIsQOWOqVPt8WGpOKCWfI9xfeY8NyQh3s+hG:JLPr32h3/8nKwxWYGyGsx
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid   Process
1252  AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid   Process
1252  AcroRd32.exe
1252  AcroRd32.exe
1252  AcroRd32.exe
Processes
Process: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d15c29b1e5e5a3b6cdaab8c19338fc79_JaffaCakes118.pdf"
Signatures: Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx
PID: 1252
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: 2124c453e014807ab91bde41150149fc
SHA1: dd05c20ca19cd112135708bc8f2ad608aa3ef280
SHA256: cd2f02a2e83a898d318a8ebc38732b716e3d9cfeff762be6844515010f2eb47d
SHA512: 2610710a97a955a87e40a3720718fb888da0020f4e4e09dd16204fc2444b0882a910bcc15f6f926faf13d3bdbe0599e9652bb2aedcdcac7c80319bc4e369df68