Analysis
- max time kernel: 118s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 18/04/2024, 01:15
Behavioral task: behavioral1
- Sample: f6fa421f1fe270a1971d7d6bdb5d4285_JaffaCakes118.pdf
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: f6fa421f1fe270a1971d7d6bdb5d4285_JaffaCakes118.pdf
- Resource: win10v2004-20240412-en
General
- Target: f6fa421f1fe270a1971d7d6bdb5d4285_JaffaCakes118.pdf
- Size: 85KB
- MD5: f6fa421f1fe270a1971d7d6bdb5d4285
- SHA1: d7fea56a00a1eae295d72d1c7a6919d36a33e4e8
- SHA256: 482cd934731ed291a3f32c4d549260d3a3d2d896fd3ce4273c8ce4754a460699
- SHA512: 7d28d4fc7005daedad9575fe99ea832d30ff6a4c814c74ebc235fd62bdcd4e600ffce03deceb55a68b47f82e7c6e772c2162940c37d32419d414111b115cd5b4
- SSDEEP: 1536:iGXNTmb5Q0ZqviL9NY4WAhUWOVWUcIFabhWCpOVirxZWBAg0W/Hb:JNT25Q0DJWAf69FrVirxzglD
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid   Process
  3068  AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid   Process
  3068  AcroRd32.exe
  3068  AcroRd32.exe
  3068  AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f6fa421f1fe270a1971d7d6bdb5d4285_JaffaCakes118.pdf"
  PID: 3068
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
  MD5: 16b1ccbdb21e85094bcafaf3d8f7e998
  SHA1: 90f3ebe243c1ddb0d234a5d87cd0ca2509e43083
  SHA256: 3b46a1a7050d45c94f0d6d1eda005ab4c003bc3e29e4c06ab259bf1011e97d16
  SHA512: 97adca29c03430ae28951f2332884deccdcb8b32e3c72eaca797b8cf5a4ce23b139184c8715cea5afce1ce24fae2f6f7d3c4b5a4ff9236b675b8f4037569df21