Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
09/04/2024, 16:46
Behavioral task
behavioral1
Sample
ea72e0a766d718904692619546d16ba6_JaffaCakes118.pdf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ea72e0a766d718904692619546d16ba6_JaffaCakes118.pdf
Resource
win10v2004-20240226-en
General
-
Target
ea72e0a766d718904692619546d16ba6_JaffaCakes118.pdf
-
Size
95KB
-
MD5
ea72e0a766d718904692619546d16ba6
-
SHA1
4ddd3dc0b456cc21911698b7d19139c0bf97ec41
-
SHA256
307ee80472ba6aeccfc9d3d49b6b232f3ddedebe7de47002646f482f60dba1e3
-
SHA512
211cea6957275180cea5020b2d85c8240fbea6595ca8efe2f4f446ad8c8811c630ee978ea7ad6573bf89b8c50d5710105c4dca0fec146a928b9241976b012d65
-
SSDEEP
1536:8mz+6NDOTAE1xg1ZldP0xANPZl7N/v0/MtNhVWP4g/JK/vjWQpOCoWPS1TPXJ:7NDmT61rdcxANPPx/v37hkvJK/vOCKRR
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1400 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 1400 AcroRd32.exe 1400 AcroRd32.exe 1400 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ea72e0a766d718904692619546d16ba6_JaffaCakes118.pdf"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1400
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5518c2ae8c5b75bc38c3f9bc3027f61d1
SHA1cb396ab57499c5206944ed1f8bd08886537a974b
SHA256f841d7dd767fa02721e67e029e136786a14f8002e08f1a014044053233cc0f97
SHA512cd7f502a90bfa47b360cb38e683b43a7a5fdd991ef0cf9933cac4b31d96aeed0ed6178f1eaa1ced6c95ea427850e85326350b8bccb2f82b22a3680d58e70106f