Analysis
max time kernel: 118s
max time network: 121s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 09/04/2024, 03:46
Behavioral task: behavioral1
Sample: e924cb2b8d3eaaa70698bd7c0cedc7ba_JaffaCakes118.pdf
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: e924cb2b8d3eaaa70698bd7c0cedc7ba_JaffaCakes118.pdf
Resource: win10v2004-20240226-en
General
Target: e924cb2b8d3eaaa70698bd7c0cedc7ba_JaffaCakes118.pdf
Size: 84KB
MD5: e924cb2b8d3eaaa70698bd7c0cedc7ba
SHA1: 4e5ca96a5909b00ab867722c498c366f2561effa
SHA256: e5755463f13c914fcf25a55f7432e7a4d3b83eabb17c8a4700aeed8eda44f1f2
SHA512: 46795a035118549299622a12c14189c8ec0b0d1186f08969b2df46b090fc47a0d7352720f4226fdbd8f4b8b9aa079733df4f5da16f8c3f175c6053ad2ed5dc58
SSDEEP: 1536:A7R2hiu8ZuVRi+zDpIcbMsWdUfr5wiNraBX9tqjLAl6c1EvteZnWuLj1GVqvyAW6:Su8YcgDpIOWdD4twJj8UqX2WNVw
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid    Process
2244   AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid    Process
2244   AcroRd32.exe
2244   AcroRd32.exe
2244   AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\e924cb2b8d3eaaa70698bd7c0cedc7ba_JaffaCakes118.pdf"
PID: 2244
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: af39e442686d79dde2ecfc47e3d83e08
SHA1: ca92362983527240791ec52fdad0f4567bec4447
SHA256: c2d79c4d7c6f1f4f50e4ec60c6d0149fca10c0e2a713ad8e58ae0289e431c772
SHA512: 650ff89a76b96ec49c5640bad773f89610a2724eef8baed6b183a81a2d099c377a74af0aca4a5520ee977808d1db0303d79af640b079bf34088d2d63f41d5206