Analysis
-
max time kernel
118s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system -
submitted
15/04/2024, 21:19
Behavioral task
behavioral1
Sample
f1f270c94f5e279ad5c0028109097831_JaffaCakes118.pdf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f1f270c94f5e279ad5c0028109097831_JaffaCakes118.pdf
Resource
win10v2004-20240412-en
General
-
Target
f1f270c94f5e279ad5c0028109097831_JaffaCakes118.pdf
-
Size
81KB
-
MD5
f1f270c94f5e279ad5c0028109097831
-
SHA1
2cd2dac9a80df6442fcfe8b764eeb1d7157b5083
-
SHA256
9838bc131c7234ed305f972848354be269f3097de817501b1209dcad76d5ce2b
-
SHA512
60d98fe33975818886a2c0ceec78b2d4c3e6771a2a579329f4a28fa40a242b22973b2d8fd67e7249bf9acc0de743041d88ed0882e68c97bfe8ee3b06504596d8
-
SSDEEP
1536:tYLzgCILGOw4fbBX84FNcrDMu9a5CaWTh3TYW7rzuMC4bg1pRWtSW8pO+uS0:iLbISF4fdXV2M8a5/i3T73fC4bE+t9+w
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2992 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2992 AcroRd32.exe 2992 AcroRd32.exe 2992 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f1f270c94f5e279ad5c0028109097831_JaffaCakes118.pdf"
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2992
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
3KB
MD5
520e597fcb3c8debd11567c357c88dc6
SHA1
73291ee9234bd70a30bcd0cf1a82eedc009ea687
SHA256
ae084da024277be3c06019f7d61e17ae98bbb148e9c7be13ca2f36cc77290428
SHA512
365c568686cf0037ccc61b6b511183a46e64b9ff90f40dac27c4b51b9fdeea568122b4dc87b021adb08ad65e05aae934e3c61f9b3165ba9f12c8d6203838fa34