Analysis
- max time kernel: 119s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 17/04/2024, 12:39
Behavioral task: behavioral1
- Sample: f5c9bc03599c45abc8a5868557af9b0a_JaffaCakes118.pdf
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: f5c9bc03599c45abc8a5868557af9b0a_JaffaCakes118.pdf
- Resource: win10v2004-20240412-en
General
- Target: f5c9bc03599c45abc8a5868557af9b0a_JaffaCakes118.pdf
- Size: 93KB
- MD5: f5c9bc03599c45abc8a5868557af9b0a
- SHA1: f8a6228bdbc475d1f697868c303c8bb3a87b5803
- SHA256: b7c241c786ac1b8c2e3811524ecb82ed3b7c77145fcb7692011c147ebd328a56
- SHA512: 5fe84ba9c67e23a19bd5f26521b3a1dd929f817f01b1432a6c0197ecfc594cd3668efd694fe31c09102c31bc72b04f384f6657797bbe6902496c052db8bb27af
- SSDEEP: 1536:VvN59VbkTF/9iEBYU3hoc9aByhmIhVWngEpL87BWyr9nBDNZv6ZmAvIfLWXJc6WX:/FkDBxWc9aOVWngEw7nrnv6ZH2aXJc6S
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid 1612, process AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid 1612, process AcroRd32.exe
  pid 1612, process AcroRd32.exe
  pid 1612, process AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f5c9bc03599c45abc8a5868557af9b0a_JaffaCakes118.pdf"
  PID: 1612
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Downloads
- Filesize: 3KB
- MD5: c43ff522e9cc0ecaa505c8b4033eaf67
- SHA1: 87a516652d399d62ac536f6ec45e62be3e884aa4
- SHA256: 6ab2a6ced4604f64ede032263becf76005f253fc7e7fd68eca086798e10649d5
- SHA512: ae50221e543aa70d2aaf7257883e3612d159ec9c541880bddb4d36a20569dc524d7208379d67a9bf557a9aa3b63cb6cd93e3f6390c254e4b1298ceb68198fb80