Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 21/04/2024, 03:16
Behavioral task: behavioral1
- Sample: fe4cd2b7d6eea48f161f076f308857b2_JaffaCakes118.pdf
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: fe4cd2b7d6eea48f161f076f308857b2_JaffaCakes118.pdf
- Resource: win10v2004-20240412-en
General
- Target: fe4cd2b7d6eea48f161f076f308857b2_JaffaCakes118.pdf
- Size: 77KB
- MD5: fe4cd2b7d6eea48f161f076f308857b2
- SHA1: d5979d95baa72c3a9f6dbaaa2a4ab5ede7d3b58a
- SHA256: 8b5303493235dcf81edda7d82cd0ed76c2adf849aa4bc527373b2e856ccd2e9f
- SHA512: 7d6487b8665da26b659c6c39719e80769bd56206465b2088e7e4308957e1dc7c9b69dfea48e96c3ce2e216be25ed4b1e0d9c2fb379d296875cb3172695effee6
- SSDEEP: 1536:qPi0qFw+2d9sTH7rjU7RpaomNg/W1nQXEHWlCOAWxApOGCNcByc+:1bFwLzsTfCRpadNiSQUSZ3G4I+
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 868, process AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid 868, process AcroRd32.exe (3 occurrences)
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fe4cd2b7d6eea48f161f076f308857b2_JaffaCakes118.pdf"
  PID: 868
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
  MD5: 1e6469fae88becc0e667795c8a4e3398
  SHA1: 58e3bdbe1d3afc5e5dbe521f0f16a423ddebb94c
  SHA256: 103d074394b023731ca27b8c9dfa8fb1b638c1b828d5a276fbcda39d1becbbdf
  SHA512: dda1b813d6eee50d05c2b09f491e57c0466428b11b44e1ff0a1d5d669592166e1e204aa76caaeb2c1a1248c3f2ff4cfce62d7b1b8e7400ddc045b6a42b80177c