Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 118s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 18/04/2024, 05:33
Behavioral task: behavioral1
- Sample: f75e748d59976ae395fdaaa29af2bba1_JaffaCakes118.pdf
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: f75e748d59976ae395fdaaa29af2bba1_JaffaCakes118.pdf
- Resource: win10v2004-20240412-en
General
- Target: f75e748d59976ae395fdaaa29af2bba1_JaffaCakes118.pdf
- Size: 78KB
- MD5: f75e748d59976ae395fdaaa29af2bba1
- SHA1: 916d56c1fd6a171e260b1f02c228b6abf7f35f57
- SHA256: c68b465e9998876abe9199a5a386fda5410552ff5d0282e2a3913069f907b0d5
- SHA512: 84cf59c5e2982c9550a46a50b3ecaef8db9a24d92b219f7bf999e25d219ad0e8ccc712d71368bf3185aea7f37f7d097d53eb135bb23ce05f03496d04502f3889
- SSDEEP: 1536:MSkXQux/ziQaxp847vYJHM4ooy0LS9zOjiqSq8WypOlLKysHWojs20ah:2AuBuQUpZi+QjHflL9sa2H
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid   Process
  2924  AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid   Process
  2924  AcroRd32.exe
  2924  AcroRd32.exe
  2924  AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f75e748d59976ae395fdaaa29af2bba1_JaffaCakes118.pdf"
  PID: 2924
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
- MD5: 6d276d0c666037564974893a426ce167
- SHA1: 23f0f3f2c338280fdfe22e50b3300dcf8e3646cc
- SHA256: adaf6c27494f69e71e658ec888f341a0d7ddb008137d13f4cc7a47231db18a36
- SHA512: 5e075fb3f472a8a4e5bea2d45ccfcda383e927a1a43406cfc145e1bbb8956ee7e9bee26086c8c841831b2dda281822494e4924ce51eb6be2d08df148757ec932