Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 09/04/2024, 16:32
Behavioral task: behavioral1
- Sample: ea6caad75b416e0da1d0293388ce7104_JaffaCakes118.pdf
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: ea6caad75b416e0da1d0293388ce7104_JaffaCakes118.pdf
- Resource: win10v2004-20240319-en
General
- Target: ea6caad75b416e0da1d0293388ce7104_JaffaCakes118.pdf
- Size: 93KB
- MD5: ea6caad75b416e0da1d0293388ce7104
- SHA1: ddf6817349f291bf7002ab8f870dbe71235048fb
- SHA256: 9aeb561497630a92dc6d7143af9c913178d6c2cc3e042bad8f430bd475e98621
- SHA512: bb3c7d7dc9e84246bc4c3a6fd5ac2648ead947e24e32a4841a18ff596e78f69c2eb4638828dadd5773d0e79e4c6942d4471bc2fc5c96f660aecf90c2c7e363d8
- SSDEEP: 1536:/qdz+wv80k3sP1TCoVmyAFAQM56urS9Pi2UbWepOiCWcbs6atFyLrWhuICO:i1l8XFE6urSw9kiKNaOrtc
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam, 1 IoCs
  pid / Process: 2120 AcroRd32.exe
- Suspicious use of SetWindowsHookEx, 3 IoCs
  pid / Process: 2120 AcroRd32.exe; 2120 AcroRd32.exe; 2120 AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ea6caad75b416e0da1d0293388ce7104_JaffaCakes118.pdf"
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID: 2120
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
- MD5: 3d54cd0e9ac8bf5b19aab283ebba4845
- SHA1: b0c889d9e87d1f4a8087877403cf781065ec1874
- SHA256: e62a7ceee71a79b95de4df4cfeb6f810e537494131511eaa782d8f02e34fbca5
- SHA512: 9b6a38848706449fd4d1980b31d18023f293932c953802e244562a05c01e40d4ed09def3c7c521f07e34d1a09b1881e5d79694cfdb9d50c380224e1bddd66af3