Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
  max time kernel: 117s
  max time network: 118s
  platform: windows7_x64
  resource: win7-20240215-en
  resource tags: arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system
  submitted: 20/04/2024, 17:17
Behavioral task behavioral1
  Sample: fd3b851ef05f59268d6eb31dee2200ee_JaffaCakes118.pdf
  Resource: win7-20240215-en
Behavioral task behavioral2
  Sample: fd3b851ef05f59268d6eb31dee2200ee_JaffaCakes118.pdf
  Resource: win10v2004-20240412-en
General
  Target: fd3b851ef05f59268d6eb31dee2200ee_JaffaCakes118.pdf
  Size: 42KB
  MD5: fd3b851ef05f59268d6eb31dee2200ee
  SHA1: bc53af5cf305707cd0dd1b22a590726cdacecabd
  SHA256: 0a04e113eeb08262d206b3675927bf709f790184e6c27619841c4bc45e7b57bf
  SHA512: abadc0b65305d9fec5bb5518236aec13e1a58a5d56a1c7be7d0c89d6317600b48cd8b06676a256605f77cecacbd4539560958fd0d007a42d8ec38f256844c932
  SSDEEP: 768:WOcTKfL6Oeg61nqDOoIE0y5HXxhDwQ1TDJ7s8qvoo38QhITnf6B:GTKfZeg6//yV9Bw8yoo38wOnyB
Malware Config
Signatures
  Suspicious behavior: GetForegroundWindowSpam (1 IoC)
    pid 2972, process AcroRd32.exe
  Suspicious use of SetWindowsHookEx (4 IoCs)
    pid 2972, process AcroRd32.exe (4 hook installations)
Processes
  1. C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
     Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fd3b851ef05f59268d6eb31dee2200ee_JaffaCakes118.pdf"
     PID: 2972
     Signatures: Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
  Filesize: 3KB
  MD5: 5a07f2c1987f1e6615d9a6716d0e4106
  SHA1: 3d627ac0f9f55ac36e08837ea4137700517815ce
  SHA256: a1ab7f47eb83812bee62f5e6325528060ba9a5170deae2e379db84e669059a87
  SHA512: f28d7d80f350e02b7b0abceafa13e0fef2e9135d4326617a36d8d053476b7c78abd71b2d7d755119ba8be08bed073af78fde07231d57f9ca5e2129214aa3eb65