Analysis
max time kernel: 121s
max time network: 121s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 10/04/2024, 08:59
Behavioral task: behavioral1
Sample: eab5d8b6b0a17190de70dca3e8501847_JaffaCakes118.pdf
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: eab5d8b6b0a17190de70dca3e8501847_JaffaCakes118.pdf
Resource: win10v2004-20240226-en
General
Target: eab5d8b6b0a17190de70dca3e8501847_JaffaCakes118.pdf
Size: 81KB
MD5: eab5d8b6b0a17190de70dca3e8501847
SHA1: 31703b749626e981427a2e71afdce4c5122e0d9f
SHA256: cb2663f05604f2f27b19b6a9a6f1bea825d3c11a219fa0e531ae31ed65ed75c0
SHA512: 34453b1a944a1be8c80d60e8b4d7c4a97a623b24ebb8d20cf0d9fb0a48e42bfbc6faa8f5b61941a5e32a376df000d005b5be34b2a3170d19b77d8cfb1ba2637d
SSDEEP: 1536:DUs0gvINzH+VtnqvxFQrHAzXx9DZZXL3F2rw9QCj60TMW/l1G6oe2wTWmpOS2HHL:aNzHqtqJ28zTDZZXL3VRjfT7lgj3wMSs
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid   Process
  3000  AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
  pid   Process
  3000  AcroRd32.exe
  3000  AcroRd32.exe
  3000  AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\eab5d8b6b0a17190de70dca3e8501847_JaffaCakes118.pdf"
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID: 3000
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: 46a9842480e26eb69c17d841ab4ce563
SHA1: e566a206052fd7a03989c21737ac289a94896369
SHA256: 3b55293b86ba9e21e51c03a6a50eacfca509ccdb517aa0162038606ef8d17e8f
SHA512: cfeb1eed3477b36ed8cecaee16905ff0a5aa6a0125d05d9277811e7f05746f4dfa46cc52d763167ff36a5653c73f3e23a27a4193fdaf886a09432c4b4239232b