Analysis
Max time kernel: 121s
Max time network: 122s
Platform: windows7_x64
Resource: win7-20240215-en
Resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
Submitted: 15/04/2024, 22:27
Behavioral task: behavioral1
Sample: f211b97d4da797070751f563ab752f1f_JaffaCakes118.pdf
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: f211b97d4da797070751f563ab752f1f_JaffaCakes118.pdf
Resource: win10v2004-20240226-en
General
Target: f211b97d4da797070751f563ab752f1f_JaffaCakes118.pdf
Size: 96KB
MD5: f211b97d4da797070751f563ab752f1f
SHA1: cd59db323882fd414088a6ec8d92eccc080cf6c4
SHA256: fda448b1fd92b9f344cde6c40d542d0650fa1e52265b745bc77425def7f7f28b
SHA512: 4374f8094444af6a244ca7515e64141e9ac988bb7100965a2996de8836f9046cbb6a32956db2d43d89bbc575990302addad9738173a8cec968f12c390f38313f
SSDEEP: 1536:Ksa1P0cScuOja+roeeGs/PdsOFi6eGbPy5svNCp8KAdh4XM//jNeWxApOGzW8RNn:NRcFgqQxFyGr13tOM3jNL3GbHT64
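Before trusting a sandbox verdict on a PDF, a practitioner normally confirms the file on disk is the one the report hashed and does a quick static pass for the name objects that carry active content (/JavaScript, /OpenAction, /AA, /Launch, ...). The script below is an added example, not part of the tria.ge report: the digests are copied from the General section above, while RISK_NAMES, the #xx hex-escape handling, the "active content" rule and the embedded SAMPLE_PDF are this example's own assumptions.

```python
"""Static pre-triage of a PDF sample: verify the report's hashes, then count
the PDF name objects that usually carry active content. Added example; the
RISK_NAMES list, the verdict rule and SAMPLE_PDF are assumptions."""
import hashlib
import re

# Hashes copied from the General section of the report above.
REPORTED = {
    "md5": "f211b97d4da797070751f563ab752f1f",
    "sha1": "cd59db323882fd414088a6ec8d92eccc080cf6c4",
    "sha256": "fda448b1fd92b9f344cde6c40d542d0650fa1e52265b745bc77425def7f7f28b",
}

# Name objects worth counting before dynamic analysis (pdfid-style list; assumption).
RISK_NAMES = ("JS", "JavaScript", "OpenAction", "AA", "Launch",
              "EmbeddedFile", "RichMedia", "XFA", "URI", "ObjStm")
ACTIVE_CONTENT = ("JS", "JavaScript", "OpenAction", "AA", "Launch")

# A PDF name runs from '/' up to the next whitespace or delimiter character.
_NAME_RE = re.compile(rb"/([^\s/\[\]<>(){}%]+)")
# PDF 1.2+ lets any byte of a name be written as #xx; /J#61vaScript is a
# common way to dodge naive string searches for /JavaScript.
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def file_hashes(data: bytes) -> dict:
    """Hex digests for the algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, reported: dict = REPORTED) -> bool:
    """True only if every reported digest matches the bytes on disk."""
    actual = file_hashes(data)
    return all(actual[alg] == digest for alg, digest in reported.items())


def count_risk_names(data: bytes) -> dict:
    """Count RISK_NAMES occurrences after decoding #xx escapes.

    Only names in the uncompressed part of the file are visible; a non-zero
    /ObjStm count means further objects sit inside compressed object streams
    and need decompression or a real PDF parser before this count is final."""
    counts = {name: 0 for name in RISK_NAMES}
    for match in _NAME_RE.finditer(data):
        raw = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), match.group(1))
        name = raw.decode("latin-1")
        if name in counts:
            counts[name] += 1
    return counts


def triage(data: bytes, reported: dict = REPORTED) -> dict:
    """Combine the hash check and the name counts into one triage record."""
    counts = count_risk_names(data)
    return {
        "hashes_match_report": matches_report(data, reported),
        "name_counts": counts,
        "has_active_content": any(counts[n] > 0 for n in ACTIVE_CONTENT),
    }


# Constructed sample (not the report's file): a minimal PDF whose catalog
# fires a JavaScript action on open, with /JavaScript hex-escaped.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj<</Type/Catalog/OpenAction 2 0 R>>endobj\n"
    b"2 0 obj<</S/J#61vaScript/JS(app.alert(1))>>endobj\n"
    b"trailer<</Root 1 0 R>>\n%%EOF\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE_PDF))
```

Run it against the real sample with `triage(open(path, "rb").read())`; `hashes_match_report` must be True before any of the report's behaviour is attributed to that file. A zero count across ACTIVE_CONTENT with a non-zero /ObjStm count is not a clean bill of health, only a sign that the interesting objects are compressed.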
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
PID 2956, process AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
PID 2956, process AcroRd32.exe (three hook installations)
Processes
Image: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f211b97d4da797070751f563ab752f1f_JaffaCakes118.pdf"
PID: 2956
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
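Both signatures above are count-based heuristics over the API calls a process makes, and both fire on plenty of legitimate GUI software: a document reader installing window hooks and polling the foreground window is ordinary behaviour, so on their own they do not make the PDF malicious. What the report does not show is often more telling here: AcroRd32.exe spawns no child process and the Network section is empty. The script below is an added example that reproduces the two signatures as rules over a per-process API trace; it is not tria.ge's own signature code, the trace is constructed, and the spam threshold is an assumption.

```python
"""The report's two behavioural signatures as count-based rules over a
per-process API-call trace. Added example, not tria.ge's signature logic;
TRACE is constructed and FOREGROUND_SPAM_THRESHOLD is an assumption."""
from collections import Counter, defaultdict

HOOK_APIS = {"SetWindowsHookExA", "SetWindowsHookExW"}
FOREGROUND_SPAM_THRESHOLD = 20   # assumption: calls per process that count as spam

# Constructed trace of (pid, image, api) tuples: the reader process installs
# three hooks and polls GetForegroundWindow in a tight loop; a second process
# touching the same API a couple of times is included for contrast.
TRACE = (
    [(2956, "AcroRd32.exe", "SetWindowsHookExW")] * 3
    + [(2956, "AcroRd32.exe", "GetForegroundWindow")] * 60
    + [(1234, "notepad.exe", "GetForegroundWindow")] * 2
    + [(1234, "notepad.exe", "CreateFileW")]
)


def api_counts(trace):
    """Per-process Counter of API names, keyed by (pid, image)."""
    per_process = defaultdict(Counter)
    for pid, image, api in trace:
        per_process[(pid, image)][api] += 1
    return per_process


def evaluate(trace, spam_threshold=FOREGROUND_SPAM_THRESHOLD):
    """One hit per (signature, process). The IoC count mirrors the report's
    convention: one IoC per hook installed, one per process that spams."""
    hits = []
    for (pid, image), counts in api_counts(trace).items():
        hook_calls = sum(counts[api] for api in HOOK_APIS)
        if hook_calls:
            hits.append({"signature": "Suspicious use of SetWindowsHookEx",
                         "pid": pid, "process": image, "iocs": hook_calls})
        if counts["GetForegroundWindow"] >= spam_threshold:
            hits.append({"signature": "Suspicious behavior: GetForegroundWindowSpam",
                         "pid": pid, "process": image, "iocs": 1})
    return hits


if __name__ == "__main__":
    for hit in evaluate(TRACE):
        print(f'{hit["signature"]} ({hit["iocs"]} IoCs): '
              f'pid {hit["pid"]} {hit["process"]}')
```

To use this on real data, replace TRACE with the API-call log your sandbox or hooking tool emits (one tuple per call) and tune the threshold against a baseline run of the same reader on a benign document; any rule that also fires on the benign run is noise for this sample.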
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: 1013d24e141afeeab015419ae9ed98c1
SHA1: d01f2c25bec1b953843fb5ec06f7df40ff5bbf5d
SHA256: 9d9484bf0284f45d5c2d2c80d1d3f78d1f69766cdfe4a752999a046beefb7140
SHA512: fa297aaef1c605fd218b0e11c6b863a384c3c4fd87120a0244af39f2f60aabc5484b8cfd048fe80a7f521af65455db0c48dc5b9deb4f081326bb33e70955054d