Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 17/04/2024, 17:01
Behavioral task: behavioral1
Sample: f640d0faaf5f81f240d9fd0870e151e6_JaffaCakes118.pdf
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: f640d0faaf5f81f240d9fd0870e151e6_JaffaCakes118.pdf
Resource: win10v2004-20240226-en
General
Target: f640d0faaf5f81f240d9fd0870e151e6_JaffaCakes118.pdf
Size: 87KB
MD5: f640d0faaf5f81f240d9fd0870e151e6
SHA1: e08e156c436b595fb4aaf12be7e6d7349d1ef42d
SHA256: 608324b7b10c5624f239ed07f344808ae21aea5e46183dfa538bdc175d4fa93a
SHA512: 5d442f16687494cad65e865e26fc229f9c3d55389247c2f09b5d180a5cab218e7eead333f83433031ca50e3fa637238f770ea33c4bbdc0bcb242743029266b81
SSDEEP: 1536:mX8mhPigKxU7hc1ihPijqTweGy/kDrGn/tjcHh55MV83l3SlZ3RGpfRIpDoB4but:28Y+swiGy/kvGne55kW1gZ3aREov0Hwb
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid   Process
  1220  AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid   Process
  1220  AcroRd32.exe
  1220  AcroRd32.exe
  1220  AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f640d0faaf5f81f240d9fd0870e151e6_JaffaCakes118.pdf"
  PID: 1220
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: 10e254f703f45b931bda4d98575ff7f4
SHA1: 8a75ad0f9ec1632df838846ac8dde1e059f17eab
SHA256: 7d7e69eda82a56b772a3e00dc75360e428b1f0e9554aeff5ff4c6e7853e0e799
SHA512: df17112617f2addad2b85f0655a3fa09c8400e9bb4286a6ea80cc7f59544811226a72dcc0a7cb2b76339741d846552a3b36fbd1df4a5bcbd54e68c0fbd383cce