Analysis
- max time kernel: 118s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 18/04/2024, 09:48
Behavioral task: behavioral1
- Sample: f7bea24c476a4d9aed554e700df4c42b_JaffaCakes118.pdf
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: f7bea24c476a4d9aed554e700df4c42b_JaffaCakes118.pdf
- Resource: win10v2004-20240412-en
General
- Target: f7bea24c476a4d9aed554e700df4c42b_JaffaCakes118.pdf
- Size: 205KB
- MD5: f7bea24c476a4d9aed554e700df4c42b
- SHA1: 1b3eb97b002e97e1cae89c54db060a4d323e910d
- SHA256: 1ca286e3359c074ea4dd13dc980669aa313083a56b1b49dbe7a173561e70ca7d
- SHA512: c82018c4e1ee3d9dd525fb6c11068525eb605bd399d5704670edb28157af80886133db27c46266a88849c18a884ec7b4e4efa9137a4ba4f08f912dbf0a883d01
- SSDEEP: 6144:lbAfbFFym+vwPv1MeR0ddoVTH3xn+Z2xypG4pCE:lbALsAv1RV1n+ZcypGMCE
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 1040, process AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid 1040, process AcroRd32.exe (3 occurrences)
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f7bea24c476a4d9aed554e700df4c42b_JaffaCakes118.pdf"
  PID: 1040
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
  MD5: c8f1b4616d134f4b7545a90c351e9dba
  SHA1: 3f0128b644e92bd011459c47e3c9ff8905bc54f7
  SHA256: d3f1927ab540185acdb1b8edf7d57e32409e4eca2c4e488a8ea87704b5980b04
  SHA512: 3313aa4f9bbef4d89e54b420c5929570f5ee10ddfaaa9bbde9f2afaef6d6713b50f1416895e37cb8e51c718208667df5d8f9ede2d683fe93d39dd23187177e4a