Analysis
max time kernel: 117s
max time network: 120s
platform: windows7_x64
resource: win7-20240319-en
resource tags: arch:x64, arch:x86, image:win7-20240319-en, locale:en-us, os:windows7-x64, system
submitted: 11/04/2024, 14:14
Behavioral task: behavioral1
Sample: ed9c5645b9c5a755316ef8aea698bcf0_JaffaCakes118.pdf
Resource: win7-20240319-en
Behavioral task: behavioral2
Sample: ed9c5645b9c5a755316ef8aea698bcf0_JaffaCakes118.pdf
Resource: win10v2004-20240226-en
General
Target: ed9c5645b9c5a755316ef8aea698bcf0_JaffaCakes118.pdf
Size: 82KB
MD5: ed9c5645b9c5a755316ef8aea698bcf0
SHA1: 6c6778aca20e2ce54e8c5b5a15b612be2754554e
SHA256: 12c852d4f1580408e899a52f5b9d92badfb3a9b39e019b96fadb0cfccf5fba33
SHA512: 92c66ea98b37c7b38c54833b8d3c839fba2b52cda73905f204676429c6029ea97f3147b2dc091b3be151391f84181a60c85545d361121a2bb114ebb73c70db3d
SSDEEP: 1536:QTiNJrch87WqGHshP3BWz0XmXLZbPDpjusXWCpOVij1wUQpNyWiHqVgyJcX9MG:kAJAh87WqrhfBCbZbPD8sAVimUoYHwg/
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid   Process
2968  AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid   Process
2968  AcroRd32.exe
2968  AcroRd32.exe
2968  AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ed9c5645b9c5a755316ef8aea698bcf0_JaffaCakes118.pdf"
PID: 2968
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: 0262bd549cbb9665656b94cfe1524384
SHA1: af783b3fd0a79bfdc6b4267b0d6584232ce95412
SHA256: 3bf9a2b4205a9544490cf92753126a9dedcb140954bc36bcd261de7c2a8733b6
SHA512: af15d2807e1a7d0c0da3576197e6f095b3678ed8ba3b1793c076fbd098328c0df11a77dd0789ac3c2f69238ae33da4da05962208c7b2c8016ae7e0976d665218