Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
20/04/2024, 09:58
Behavioral task
behavioral1
Sample
fc7f47e01e3293857e9982b2fb3c06e8_JaffaCakes118.pdf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fc7f47e01e3293857e9982b2fb3c06e8_JaffaCakes118.pdf
Resource
win10v2004-20240412-en
General
-
Target
fc7f47e01e3293857e9982b2fb3c06e8_JaffaCakes118.pdf
-
Size
86KB
-
MD5
fc7f47e01e3293857e9982b2fb3c06e8
-
SHA1
ad045107420bae386061812b00d66c7d1ec9657d
-
SHA256
6be5c61e5e58d0485a576cfb80454cd52fb879ed25396ed7f38e1da1728b8d1b
-
SHA512
deab19736c6eadee0f780175df6c24511c8ae07bc01e89b03d4c3ab2e6bcc396c1a1c087d9918918c84e9aea63286b90476a78b6c240c68c1b38bd68ee8d8082
-
SSDEEP
1536:8RMPn5uepUkuviUyG6jS7umIPjX06WOpOwr7bP3dMWltYGOpfqbT+:HzpU99yG6jS7eUwrfPd582+
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2784 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2784 AcroRd32.exe 2784 AcroRd32.exe 2784 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fc7f47e01e3293857e9982b2fb3c06e8_JaffaCakes118.pdf"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2784
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD578699b80bf5eb7fddcad18a9d5ac2edc
SHA188fb66be51cf36545cf91a512b634e0fcb7dc4ac
SHA2560d102cf72ba17a387aaba5a6cbf512fa5eb185dfc449f7acf880bcf606974c00
SHA512cb0dbe07a3c6b4e05d707e0562604386faa51620cf028415163d73ac5c7df383277d59baa7e552acf8ff4a0c2db189888394d99dde6697b3c4ec4f1befc488e0