Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 117s
max time network: 122s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 17/04/2024, 07:15
Behavioral task: behavioral1
Sample: f54254c79ae573fd50f6a53d2cb3b519_JaffaCakes118.pdf
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: f54254c79ae573fd50f6a53d2cb3b519_JaffaCakes118.pdf
Resource: win10v2004-20240412-en
General
Target: f54254c79ae573fd50f6a53d2cb3b519_JaffaCakes118.pdf
Size: 83KB
MD5: f54254c79ae573fd50f6a53d2cb3b519
SHA1: 07be23deec8aec14fafa6369c81bee5c5713794f
SHA256: f5d6e525d8f4a93689649fb65a28b7df038b5b2990985921997e1da51a7acbf0
SHA512: 157f4a1046f8f2ff7645a99ac220d6e9a96e8ae0c6e7c1934ced23f916fa679d814d21a2dd5a1764b08b44ef832595b6407fe17a2f8902b4229556664c872c50
SSDEEP: 1536:+PlKMJelqkoUTK3cVH0Vetx8m0xjWcWfLtSwOrehyWOpOaZIgFB4q+5z:+lKMJEoUT/UAtx8m3DZSJYHaZ9QJ
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 1760, process AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
  pid 1760, process AcroRd32.exe
  pid 1760, process AcroRd32.exe
  pid 1760, process AcroRd32.exe
Processes
Process: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f54254c79ae573fd50f6a53d2cb3b519_JaffaCakes118.pdf"
PID: 1760
  Suspicious behavior: GetForegroundWindowSpam
  Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: 31cd147719ce36880aaf994868483d81
SHA1: 718c5f2c3d56727c5a9034351f0dc7feff78e4d5
SHA256: 8bf20be437076f1067a4f25e3f283c96dfc235a30c6ea22b897d5b0c51718266
SHA512: 78c6bb6213c309bb92f06b475d69c8b003d0ff36b5d5972d98f9a8ac17d268e8fc8d5f794bbe3bef1837cd750a1010500f3b51618053d483bf4f17176e7b6711