Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 09/04/2024, 08:35
Behavioral task
behavioral1
Sample
e9953e32454d06db3a758d3958481a3a_JaffaCakes118.pdf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e9953e32454d06db3a758d3958481a3a_JaffaCakes118.pdf
Resource
win10v2004-20231215-en
General
- Target: e9953e32454d06db3a758d3958481a3a_JaffaCakes118.pdf
- Size: 35KB
- MD5: e9953e32454d06db3a758d3958481a3a
- SHA1: 14928ff9c1a1ed12ba662fa25ddd21dac75e6eb5
- SHA256: 606f7ee956e18cc52b6dc32c6a81970e67eb63a7b373eaac6a3df09aa94e1397
- SHA512: 81d894420b489e4189522ef20258990291d0bb2669865daea48e6db449ffbcd0e9b5bdabf7d5ae7c53a7f75d45ba9ea80770173ffcfc1a9d6951d4cc63782f4c
- SSDEEP: 768:DCqloqbJcuspVajjo96NV58JZk98TmSYLXGouPH:Wqlrct9Q5iCmTmH7GouPH
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid   Process
  2032  AcroRd32.exe
- Suspicious use of SetWindowsHookEx (4 IoCs)
  pid   Process
  2032  AcroRd32.exe
  2032  AcroRd32.exe
  2032  AcroRd32.exe
  2032  AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\e9953e32454d06db3a758d3958481a3a_JaffaCakes118.pdf"
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID: 2032
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
- MD5: 496cc29b22b78e7f0f1719cbd7500868
- SHA1: 75b208cadb46ba274e6912f471606dbe5e9696ce
- SHA256: 0447c104f333ecc1e92e0bb97ee8587d03dfe0f9cd6d0397a31e8c72ce16b7f4
- SHA512: ad985927e5dc7fe858e98c0cb021d7c095f5593662e552cc528dcdb235844b707f5357d9e7c8e3b30f96dee465a9eb4071ebb495fd3a67fbe588852a67deb8bf