Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 119s
max time network: 135s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 10/04/2024, 12:59
Behavioral task behavioral1
Sample: eb1f56402408a053169d040eaff989d6_JaffaCakes118.pdf
Resource: win7-20240221-en
Behavioral task behavioral2
Sample: eb1f56402408a053169d040eaff989d6_JaffaCakes118.pdf
Resource: win10v2004-20240226-en
General
Target: eb1f56402408a053169d040eaff989d6_JaffaCakes118.pdf
Size: 75KB
MD5: eb1f56402408a053169d040eaff989d6
SHA1: c959e5b574a9d5be3d9b5d08fc4ae9fc6cf7ddca
SHA256: c0c13655d0c713413f8a2902c004a3b7548a7d136d251ccaebb8483c40a46d2b
SHA512: 9244186a0ca6b0975ccee192b499f63189e64545daeb82577b20e3ea6f85add1240cccfef465b61744a1236280f63545f765e4b749e143954562b584b960f5f6
SSDEEP: 1536:kHSlbTknFT1j7yxS+X2PztMWyh1aOlL2Sh58O5evtiQrizMmo1k/uK:X6ThGS+X2Ppa3lyowtFNmo1kj
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid 2968, process AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid 2968, process AcroRd32.exe (all three hits from this one process)
Processes
Process tree (single root, no child processes recorded):
Image: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\eb1f56402408a053169d040eaff989d6_JaffaCakes118.pdf"
PID: 2968
Signatures: Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx
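The signatures above are the whole behavioral record: AcroRd32.exe (Reader 9.0) opened the file and tripped two generic window-interaction signatures that ordinary GUI applications, Adobe Reader included, also produce, and the Network and MITRE ATT&CK sections below carry nothing. That picture is consistent with a benign document, but also with active content whose trigger the sandbox never supplied, so the usual next check is a static pass over the PDF syntax for auto-execution and active-content names. The scanner below is an added example, not tria.ge output or code and not derived from the report's sample; it runs against a constructed PDF embedded in the block, and it handles the two tricks that defeat a plain grep: #xx hex escapes inside name tokens (/J#61vaScript) and names buried in FlateDecode streams.

```python
import re
import zlib

# PDF name tokens that commonly carry auto-executing or active content.
# Presence alone is not malicious; it tells you where to look next.
RISKY_NAMES = [
    "/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/URI",
    "/EmbeddedFile", "/RichMedia", "/SubmitForm", "/AcroForm", "/ObjStm",
]
AUTO_EXEC = {"/OpenAction", "/AA"}
ACTIVE = {"/JavaScript", "/JS", "/Launch", "/RichMedia", "/SubmitForm",
          "/EmbeddedFile", "/URI"}

_NAME_TOKEN = re.compile(rb"/[^\s/<>\[\]()%]*")
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def _unescape_names(data: bytes) -> bytes:
    """Decode #xx escapes inside name tokens, so /J#61vaScript reads as /JavaScript.
    Only bytes inside a name token are touched; string and stream bodies are left alone."""
    def fix(m):
        return _HEX_ESCAPE.sub(lambda h: bytes([int(h.group(1), 16)]), m.group(0))
    return _NAME_TOKEN.sub(fix, data)


def _inflate_streams(data: bytes):
    """Yield the decompressed body of every stream that inflates as Flate (zlib).
    Streams that are not Flate, or are corrupt, are skipped; their raw bytes
    were already scanned as part of the file."""
    for m in _STREAM.finditer(data):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:
            continue


def scan_pdf(data: bytes) -> dict:
    """Count risky name tokens across the raw file plus every inflated stream."""
    text = _unescape_names(data)
    for body in _inflate_streams(data):
        text += b"\n" + _unescape_names(body)
    counts = {}
    for name in RISKY_NAMES:
        # Negative lookahead keeps /JS from matching a longer name such as /JSX.
        hits = re.findall(re.escape(name.encode()) + rb"(?![A-Za-z0-9])", text)
        if hits:
            counts[name] = len(hits)
    return counts


def needs_manual_review(counts: dict) -> bool:
    """An auto-execution trigger combined with active content is the classic
    exploit-PDF shape; either one alone is common in benign documents."""
    return bool(AUTO_EXEC & set(counts)) and bool(ACTIVE & set(counts))


def _flate_obj(num: int, payload: bytes) -> bytes:
    """Build a minimal FlateDecode stream object (only used for the constructed sample)."""
    comp = zlib.compress(payload)
    return (b"%d 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % (num, len(comp))
            + comp + b"\nendstream\nendobj\n")


# Constructed test input (not the report's sample): an /OpenAction pointing at a
# hex-escaped JavaScript action, plus a /Launch dictionary hidden inside a
# Flate-compressed stream. Neither keyword is visible to a plain grep.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R >>\nendobj\n"
    b"4 0 obj\n<< /S /J#61vaScript /JS (app.alert(1)) >>\nendobj\n"
    + _flate_obj(5, b"<< /S /Launch /F (cmd.exe) >>")
    + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PDF
    found = scan_pdf(data)
    print(found, "-> manual review" if needs_manual_review(found) else "-> no auto-exec/active pair")
```

Run it with the sample path as the first argument to scan a real file; with no argument it scans the constructed document. A hit list like the constructed one (OpenAction plus JavaScript plus Launch) is what would justify pulling the JavaScript out and detonating the file with the Reader version it targets, which the two generic signatures above do not.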
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: 1bc13c98366125ece5176d7a02c6cf2a
SHA1: a428cd42af4302d4961e52f25f5a0ab04c8a1601
SHA256: f97b5826146ab06173996e5e5bab8b12f9ceda8c95c4f68e1134edb48682cc77
SHA512: a3e55110e59eb7a0ad00fbff572486b7824ffdfe07e0a9471c8898c6c26eb201d21f544b9579cf7de00da9f10bef8b7c77a20bf45da4683ec337ab177594dfc6