Analysis
max time kernel: 119s
max time network: 125s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 11/04/2024, 16:09
Behavioral task
behavioral1
Sample
edd24bbc47d893f799df239136423bb1_JaffaCakes118.pdf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
edd24bbc47d893f799df239136423bb1_JaffaCakes118.pdf
Resource
win10v2004-20240226-en
General
Target: edd24bbc47d893f799df239136423bb1_JaffaCakes118.pdf
Size: 31KB
MD5: edd24bbc47d893f799df239136423bb1
SHA1: 7c2fb34fc5929fc27661cb98be268017caca092c
SHA256: 0f552c4f7c45e3fac3fc437bb0759fd7f5c3b1cdfb1c3f4c08005f7cea789890
SHA512: 1e2488077672bc7a8c3cffefed82680739aec8a90af4cf07a343437b896b60e26ac43bbb4c0927f076217b25b06394f69ce3843d01fecf370a487d385208b10e
SSDEEP: 768:7gGzpDYMpW0fEEAoRdm6G5tDGgNbD0lbbWlljBHHFmZt:EGF8Mjfu8m64iWlljBnFmZt
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid   Process
2160  AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid   Process
2160  AcroRd32.exe
2160  AcroRd32.exe
2160  AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\edd24bbc47d893f799df239136423bb1_JaffaCakes118.pdf"
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 2160
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: f3807e4d964aea678f6b23a8a2215336
SHA1: f7dd622342b8e246616abe6f53bc1f66c6d3c73a
SHA256: 54e949448a053c2fc0880dbf424012deed917bdabfdd97542b64d6dc801543fe
SHA512: 1edb6e9d4e861f3d94c3e446cc2987bfb80388aab82ec21245cd4a9cc7471ed611c790139ee4e81f7cda9aa46787f26d6b03e141b181ef6783cad8ce3913211f