Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
21/04/2024, 03:40
Behavioral task
behavioral1
Sample
fe575ad7d858c0846f35a020e82c74d7_JaffaCakes118.pdf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fe575ad7d858c0846f35a020e82c74d7_JaffaCakes118.pdf
Resource
win10v2004-20240412-en
General
-
Target
fe575ad7d858c0846f35a020e82c74d7_JaffaCakes118.pdf
-
Size
78KB
-
MD5
fe575ad7d858c0846f35a020e82c74d7
-
SHA1
148f2c5e00ee0688112ad43b3975b31eb10e875a
-
SHA256
c4e8738e14420959c0edfb226f002b04f105d3fe947c50864bbee3cc7258ce0a
-
SHA512
42e75dd63561d1fe9cbbc9fcefb9ef64a9e9f506a5db400892f64535af66821acaec8c905a947ac9edd6f0793c20f9414c21a619806d1b3a03c31989f6885c03
-
SSDEEP
1536:TszWEaxrPyNny7DvG/ghhRLnJaxFukwQ3WkNpOPhYhmVWDuwf9HTVTzcdHo:WaxrPony5hRLngxckwQYPhYhmunPzcq
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2968 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2968 AcroRd32.exe 2968 AcroRd32.exe 2968 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fe575ad7d858c0846f35a020e82c74d7_JaffaCakes118.pdf"
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2968
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
3KB
MD5
101dc7519c5c994be59f4c20b3c6195f
SHA1
f07e14c2647ef7acf5b7de85bed4d0007753a11e
SHA256
bbb3f081fad8403adf42eb5507159c5316a3da23bcf12a19467e8b7132748622
SHA512
07c81dac299af42927210c6efabded6871752268897a3eac9aad50c0e428c018f1fb29e11a96f40c47e758a8d62b2240a52908157d9ff305ea82b81e5f3bbd51