Analysis
max time kernel: 120s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 10/04/2024, 08:09
Behavioral task: behavioral1
Sample: ea9f95742f751de42002e2192fe4886d_JaffaCakes118.pdf
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: ea9f95742f751de42002e2192fe4886d_JaffaCakes118.pdf
Resource: win10v2004-20240226-en
General
Target: ea9f95742f751de42002e2192fe4886d_JaffaCakes118.pdf
Size: 92KB
MD5: ea9f95742f751de42002e2192fe4886d
SHA1: 0d544ffc64fa8a6a5ec5b698ec506d02ecac9e32
SHA256: 806dd2b00ce973ecdeb62af031ff116d3a433296e57ffb72ed0dc87eaa27556e
SHA512: 844cf661c82a9c2288a3635b2a2f73074edaa2d0eab4d1ef0f8d418e4607e6d8d879ac2f587130e8476da60d7bb867c9cbfe28e0a65346b6e2b63f47574ccc5b
SSDEEP: 1536:k73ZZ6mPpdro+JHr1FLAyqQqWSnrfgKU9W4eeroEIW8pO7Ina:IpZL3JL1FLLCnkhboEz7R
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
PID 1444, Process AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
PID 1444, Process AcroRd32.exe
PID 1444, Process AcroRd32.exe
PID 1444, Process AcroRd32.exe
Processes
Path: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ea9f95742f751de42002e2192fe4886d_JaffaCakes118.pdf"
PID: 1444
Signatures: Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: 41f97e837c33744b73fdccf2a2bc2927
SHA1: f2f036a72ea41e2e08b663cd64d03e89138a3be9
SHA256: 58bab32fe1c3815259f5086c1c012d2649a7e726327e89086571aa04ca24bf6b
SHA512: 77b17796cf2bd4be9badbc2f282a4251af6c14c76f4b624f52a6083ef184fe22622f2bc96cc6c8a83f92a1c47508bc00523cd440da8848fb777bf15a94fe57dc