Analysis
max time kernel: 121s
max time network: 121s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 21/04/2024, 00:28
Behavioral task: behavioral1
Sample: fe004a4ce4b4a552f388f5ce95dec2f7_JaffaCakes118.pdf
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: fe004a4ce4b4a552f388f5ce95dec2f7_JaffaCakes118.pdf
Resource: win10v2004-20240412-en
General
Target: fe004a4ce4b4a552f388f5ce95dec2f7_JaffaCakes118.pdf
Size: 71KB
MD5: fe004a4ce4b4a552f388f5ce95dec2f7
SHA1: ec8afec541afc66978cc8ad57b989e864dd255bc
SHA256: f180e009f40823be021766d0ac6c9abed9e3103f9438c4ad7d64b308b225bc87
SHA512: ae0be48909c6e5dc90aee5ec46ca8abbeb45106ed5e1c0d887cc35b1a4e8fac71cdf9ecf96445520a7927ce4527dbcb25c4b7aeed224965a0055fff6ab46ee33
SSDEEP: 1536:ZJjwzOYQ8wAuThHzldX28bNxWapOtQHWnudDrVQMCjY/QwZ/oYx2:njMBQ85uNzLm8B+tQouRKzjnzp
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid   Process
  2404  AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid   Process
  2404  AcroRd32.exe
  2404  AcroRd32.exe
  2404  AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fe004a4ce4b4a552f388f5ce95dec2f7_JaffaCakes118.pdf"
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID: 2404
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
  MD5: 464a134bce7eac0e8f12d8975b84fb06
  SHA1: eb582c90548c1bd30c0c9bf99dba03f2a48b16c8
  SHA256: 5a5695e943d643f8235c2eaa581eeb86240ca1b19275cc75da9b613a79ce3c2c
  SHA512: 0986117008cfa919b2f5a855b4a41fd69cdce9211c0a1df272e8cdda0184e19f33b1d151a4b14d99662ad748552b51626794d3b8d431ef07f14a95ccae55e338