Analysis
max time kernel: 120s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 15/04/2024, 20:36
Behavioral task
behavioral1
Sample
f1dfbdb4b1e1bb0e4f641346688bebc3_JaffaCakes118.pdf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f1dfbdb4b1e1bb0e4f641346688bebc3_JaffaCakes118.pdf
Resource
win10v2004-20240412-en
General
Target: f1dfbdb4b1e1bb0e4f641346688bebc3_JaffaCakes118.pdf
Size: 81KB
MD5: f1dfbdb4b1e1bb0e4f641346688bebc3
SHA1: 453e39c8bdae3c1ef0bcb91fb2780eab0ceb0704
SHA256: 05fa6bbd28a228c27a387e341f7dc87484ddb16b82cb86d0fdea86b979c69075
SHA512: 98a5e182094d04aa0d5c86536aa6c2de818c6cc9ed436001171c9f9c37567473c73713c2032852e6e9c05fa7a525fd50f70f2081700d052021d957f714bdbbe5
SSDEEP: 1536:D3/ILncuCspgRvfjslB4GD7mFDCUT2YRJA2TnZGzsIv6895hGjWCpOViIWK4AKHw:ULrp0kZfYRJ2IeFhGUVitAm3Ar
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid 2060, Process AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid 2060, Process AcroRd32.exe
pid 2060, Process AcroRd32.exe
pid 2060, Process AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f1dfbdb4b1e1bb0e4f641346688bebc3_JaffaCakes118.pdf"
PID: 2060
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: 5651ad903763ad917f396fd3bca12788
SHA1: 91f44d1a4a6d9dfe42c8ad0903643d53bd7ede4f
SHA256: 0d5253dcc87dc981fdbcb053d922a5a2a51cb0b7954293b2059b22a73ed6a512
SHA512: bf3c727621a51ba5486427801092578aa1c9b342754f142c329394c4256f65fc3b16b5049b885867d0629ca70d38c19bd38b3f7e123899daf6ae3b70c989588c