Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
11/04/2024, 15:57
Behavioral task
behavioral1
Sample
edcd482ab294e4797ac6c66bd9eab67d_JaffaCakes118.pdf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
edcd482ab294e4797ac6c66bd9eab67d_JaffaCakes118.pdf
Resource
win10v2004-20240226-en
General
-
Target
edcd482ab294e4797ac6c66bd9eab67d_JaffaCakes118.pdf
-
Size
85KB
-
MD5
edcd482ab294e4797ac6c66bd9eab67d
-
SHA1
f430c565f584bfe893a4d77495d9d528211388da
-
SHA256
2b654079a6d8ff278d2dbb0042c6828f765637bcf89a2ce11b2c455eb9116e72
-
SHA512
37417c0409d468ef75733564b83f4b0907df4d0d671cdf5372856007c4ecea945967e767f5babe48b70d1554dfaba1624ffba1d8d7a45a16686ee14a4819bd94
-
SSDEEP
1536:omfq2jliYulplePuJ9hvZLr5NztuheC4lBYmPto3dd3NhX3lcHXWHpOv77KrWKWC:Dfqgl+pIYZ/zxTlotddeFv+WED
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2904 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2904 AcroRd32.exe 2904 AcroRd32.exe 2904 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\edcd482ab294e4797ac6c66bd9eab67d_JaffaCakes118.pdf"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2904
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD52dc98cc06467be72f5c2ffb151a48302
SHA172380ea533d0dc72c78ecf2b07c5be3d441c4fc7
SHA2567d0929bb9fca0ad9ff566a2a0978cf9c968e37d8a34565e329989a97b40caa3d
SHA512e9b32d4664d9053ba847e35c534dc41c99188e100de142a5ee15a6e939167fdefcb99ae015cebf9c3dc2f24d5ac8e66ea2dc0b3f4a468e78fc53bdff1ee0fe43