Analysis
- max time kernel: 122s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 08/04/2024, 19:01
Behavioral tasks
- behavioral1: sample e82e7e028bf60f0273ba4706cc4d94c9_JaffaCakes118.pdf, resource win7-20240221-en
- behavioral2: sample e82e7e028bf60f0273ba4706cc4d94c9_JaffaCakes118.pdf, resource win10v2004-20240226-en
General
- Target: e82e7e028bf60f0273ba4706cc4d94c9_JaffaCakes118.pdf
- Size: 86KB
- MD5: e82e7e028bf60f0273ba4706cc4d94c9
- SHA1: e87e6272ea55c5c2952431e5784b1c8951bf16b6
- SHA256: aa4728ed1b53168e3fc45ee434685253afda9c2fb26b82d00ddd6bc32d5db648
- SHA512: 09dc90346f21ccb284539c1e4aa748beb762dea96fe1b935931bfc0965c9e86ca53beb6bfe9abc21a69a243638de167cf6846056d9337a0934ecd96624eefca4
- SSDEEP: 1536:mkNAYq9pVR1dMZhNrm+AnM4uSVTw2jaSkZysT5BQIWWypOlWWxg5J68Nt8cNsxCZ:WfT1CZK1MJwwnSkZysT5BQYlDg5JjNk2
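Before a sample from a report like this is opened in another tool, its identity should be confirmed against the digests the report lists. The following is an added example, not part of the tria.ge report: it recomputes MD5, SHA-1, SHA-256 and SHA-512 over a local file in a single chunked pass and compares each against the values in the General section above. The embedded stand-in bytes are constructed for illustration and will deliberately not match; a real run would pass the path of the downloaded sample. SSDEEP is left out because it needs a non-standard library.

```python
"""Verify a local file against the hashes a sandbox report lists for it.

All four digests are computed in one chunked pass so large samples are not
read into memory at once, and every algorithm is compared so that a single
mismatching digest is surfaced before the file is handled further.
"""
import hashlib
from typing import Dict, Iterable

# Digests copied from the General section of the report above.
REPORT_HASHES: Dict[str, str] = {
    "md5": "e82e7e028bf60f0273ba4706cc4d94c9",
    "sha1": "e87e6272ea55c5c2952431e5784b1c8951bf16b6",
    "sha256": "aa4728ed1b53168e3fc45ee434685253afda9c2fb26b82d00ddd6bc32d5db648",
    "sha512": "09dc90346f21ccb284539c1e4aa748beb762dea96fe1b935931bfc0965c9e86c"
              "a53beb6bfe9abc21a69a243638de167cf6846056d9337a0934ecd96624eefca4",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers and return lowercase hex digests."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digests of an in-memory byte string."""
    return hash_chunks([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Digests of a file, read in fixed-size blocks."""
    def chunks():
        with open(path, "rb") as fh:
            while True:
                block = fh.read(chunk_size)
                if not block:
                    return
                yield block
    return hash_chunks(chunks())


def compare(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match result.

    Hex case and surrounding whitespace in the expected values are normalised,
    and only algorithms present in both dicts are compared, so a report that
    lists a subset of digests still verifies.
    """
    return {
        name: actual[name] == value.strip().lower()
        for name, value in expected.items()
        if name in actual
    }


def verify_bytes(data: bytes, expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Compare in-memory data against the report's digests."""
    return compare(hash_bytes(data), expected)


def verify_file(path: str, expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Compare a file on disk against the report's digests."""
    return compare(hash_file(path), expected)


if __name__ == "__main__":
    # Constructed stand-in for a downloaded sample (not the analysed PDF);
    # replace with verify_file("/path/to/downloaded_sample.pdf") in practice.
    stand_in = b"%PDF-1.4\n% constructed placeholder, not the analysed sample\n"
    results = verify_bytes(stand_in)
    for name, ok in results.items():
        print(f"{name:6s} {'match' if ok else 'MISMATCH'}")
    if not all(results.values()):
        print("file is not the sample this report describes")
```

A mismatch on any one algorithm is enough to reject the file: the report's four digests were all taken from the same bytes, so a file that matches MD5 but not SHA-256 is not that sample.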
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoC): PID 2084, AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs): PID 2084, AcroRd32.exe (three hits, all from the same process)
Both signatures are attributed to the Adobe Reader process that opened the sample (PID 2084); no other process is listed in this report.
Processes
- AcroRd32.exe (PID 2084)
  Image: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\e82e7e028bf60f0273ba4706cc4d94c9_JaffaCakes118.pdf"
  Signatures: Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
  MD5: 329f2d445a31850511233ce6e15d29ec
  SHA1: fdd6d19e1c8dcd6d66a96cf62f45db3e60fce735
  SHA256: 029bb43e8bc3a2c801be56dcf54c630a26d72624ff169833e5c53705f133277d
  SHA512: 7960815a95a81da3005255450835f5fd49e9a154e3bb2cd2e73bdeb3a278f410a2afecf1304090bffd9955cbbd48b0a961ec28d5b4cef65225692a8cfaab2775