Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 118s
- max time network: 126s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
- submitted: 16/04/2024, 17:11
Behavioral task: behavioral1
- Sample: f3f08de0d5694f4bb16257ada0938cd3_JaffaCakes118.pdf
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: f3f08de0d5694f4bb16257ada0938cd3_JaffaCakes118.pdf
- Resource: win10v2004-20240412-en
General
- Target: f3f08de0d5694f4bb16257ada0938cd3_JaffaCakes118.pdf
- Size: 83KB
- MD5: f3f08de0d5694f4bb16257ada0938cd3
- SHA1: 8d0a0e480b97cbb0cb1d927161cab8cbc1acac73
- SHA256: 89cc7445953317e7b85d0cba53220332ab4cb58571ae415f1be9958fe295ce4f
- SHA512: 178939ced2293697403ecd100e093f58ea4bef284c968e17dde26c58a490dfe126ee56a38e8731b7e7a3f79536fd5a1f0f49b19abfe6d6771376e06fadb64ecb
- SSDEEP: 1536:S7NIEFhkNIMNV4zoWF1RLkvFFPHWHpOvTWnll8dAHDd9LgIObn2cTWeM:yBFhkJC1hSFTv8l8dAB9Lg9b2ck
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 1500, process AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid 1500, process AcroRd32.exe (all three IoCs from the same process)
Processes
- Image: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f3f08de0d5694f4bb16257ada0938cd3_JaffaCakes118.pdf"
  PID: 1500
  Signatures: Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
  MD5: c628bd7b6a7210b31117f9cb745e0dd4
  SHA1: 9a13be44d964e72af78400632ec6389c37a67d65
  SHA256: b3d8cb615f2fad4db97d648a7f13ce4dbddb86b5475cea13066616eabf90387b
  SHA512: 62fd66cfc99b6c5a78dcdf414cb8fd416b5fa4f0f7bf6f5e23b5012cb992dcc4cdcbc29842f5df8e09d5115d89c2930b450735e08dc7dee22fcf704c41cc9a1d
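Before relying on the findings above for a file in your own possession, confirm that the local file is byte-for-byte the same object the sandbox analysed: the report identifies the sample (General section) and the 3KB downloaded artifact (Downloads section) only by their digests. The helper below is an added example, not part of the tria.ge report or its tooling. It recomputes MD5, SHA1, SHA256 and SHA512 with the standard library and lists every algorithm that disagrees with the report, so a partially edited or re-saved copy is caught rather than silently matched on one hash. The reported digests are copied from this page; the `abc` input used in the usage block is a constructed test vector, and SSDEEP is not covered because it needs a third-party library.

```python
import hashlib
import sys

# Digests exactly as listed on the report for the submitted sample and for the
# 3KB artifact under Downloads (copied from the page, not recomputed here).
REPORTED_SAMPLE = {
    "md5": "f3f08de0d5694f4bb16257ada0938cd3",
    "sha1": "8d0a0e480b97cbb0cb1d927161cab8cbc1acac73",
    "sha256": "89cc7445953317e7b85d0cba53220332ab4cb58571ae415f1be9958fe295ce4f",
    "sha512": "178939ced2293697403ecd100e093f58ea4bef284c968e17dde26c58a490dfe126ee56a38e8731b7e7a3f79536fd5a1f0f49b19abfe6d6771376e06fadb64ecb",
}
REPORTED_DOWNLOAD = {
    "md5": "c628bd7b6a7210b31117f9cb745e0dd4",
    "sha1": "9a13be44d964e72af78400632ec6389c37a67d65",
    "sha256": "b3d8cb615f2fad4db97d648a7f13ce4dbddb86b5475cea13066616eabf90387b",
    "sha512": "62fd66cfc99b6c5a78dcdf414cb8fd416b5fa4f0f7bf6f5e23b5012cb992dcc4cdcbc29842f5df8e09d5115d89c2930b450735e08dc7dee22fcf704c41cc9a1d",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> dict:
    """Return lower-case hex digests of an in-memory blob for all four algorithms."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as digest_bytes but streams a file so large samples are not read whole."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(block)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def compare_to_report(computed: dict, reported: dict) -> dict:
    """Return {algorithm: (computed, reported)} for every algorithm that disagrees.

    Comparison is case-insensitive. Algorithms the report does not list are
    skipped; an algorithm listed in the report but absent from `computed`
    is reported as a mismatch with None on the computed side.
    """
    mismatches = {}
    for algo, expected in reported.items():
        got = computed.get(algo)
        if got is None or got.lower() != expected.lower():
            mismatches[algo] = (got, expected)
    return mismatches


def verify_bytes(data: bytes, reported: dict) -> bool:
    """True only if every digest the report lists matches the given bytes."""
    return not compare_to_report(digest_bytes(data), reported)


if __name__ == "__main__":
    # Usage: python verify_hashes.py <file> [sample|download]
    path = sys.argv[1]
    which = sys.argv[2] if len(sys.argv) > 2 else "sample"
    reported = REPORTED_DOWNLOAD if which == "download" else REPORTED_SAMPLE
    bad = compare_to_report(digest_file(path), reported)
    for algo, (got, expected) in bad.items():
        print(f"{algo}: computed {got} != reported {expected}")
    print("MATCH" if not bad else "MISMATCH")
```

Run it against the file you intend to detonate or share; a MISMATCH on any single algorithm means you are not holding the object this report describes, whatever the filename says.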