Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
Max time kernel: 122s
Max time network: 122s
Platform: windows7_x64
Resource: win7-20240220-en
Resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
Submitted: 06/04/2024, 06:14
Behavioral task: behavioral1
Sample: dd4d8cd7a408b8583bea356313fa3032_JaffaCakes118.pdf
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: dd4d8cd7a408b8583bea356313fa3032_JaffaCakes118.pdf
Resource: win10v2004-20240226-en
General
Target: dd4d8cd7a408b8583bea356313fa3032_JaffaCakes118.pdf
Size: 85KB
MD5: dd4d8cd7a408b8583bea356313fa3032
SHA1: 6d3ad02a5883a27056f50fbe3798c54d43023ff4
SHA256: 3e912a849ed93a31e07e0de2be452a32a7e0a716af6cc695afdd6cc2fc398028
SHA512: 03bf5ff6e0cf0c32feaf073787c08485680ce306bf4541cd17973bbbb0a9f36393f2120b1331ca5d913ebb3f25ed1a22ea598007b679de417531dd92a1c3895d
SSDEEP: 1536:JH51DAyV/ab8jJLcMUYDY1DPvApUk+b9dlJWUyEm1qdv8YWspORN/Q:J/F/ab8RcMUYDY1DIWNpRY14v8zRW
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 3064  AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
  pid 3064  AcroRd32.exe
  pid 3064  AcroRd32.exe
  pid 3064  AcroRd32.exe
Processes
Process 1: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\dd4d8cd7a408b8583bea356313fa3032_JaffaCakes118.pdf"
PID: 3064
Signatures: Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: 22de456c7af6b7ac75544933a8868d0a
SHA1: 53a93b7da59ef200cc888a8d219dcc16c171fe71
SHA256: 42d9a2f91e9838bef3b9cb169c2d5cd9df86bdad30b6a46ea466f23a9c3b8c00
SHA512: 8bdb003fc37da65a86f9dc2174fec1eebb0e747d4b12cb93afdb398bc8d95bd019d6fa16d43ef97f10ae46f030de4c9982fe059390e1111c2b8018083949b0a3