Analysis
-
max time kernel
117s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
21/04/2024, 14:14
Behavioral task
behavioral1
Sample
ff7663ab8a44635eda448df0bc78600c_JaffaCakes118.pdf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ff7663ab8a44635eda448df0bc78600c_JaffaCakes118.pdf
Resource
win10v2004-20240226-en
General
-
Target
ff7663ab8a44635eda448df0bc78600c_JaffaCakes118.pdf
-
Size
114KB
-
MD5
ff7663ab8a44635eda448df0bc78600c
-
SHA1
c56514a7ce9b5474517c4d0547aa39ed8f9f15e8
-
SHA256
3bf894bfec004489dc269128ab45d9a1799379dbbcde29b0ed2abf44b0fc3e88
-
SHA512
2614a101f5c8b1baf89cad0cc40d9d03e0fc2423baa23287c20b6877f6add342f14675c530944075b5723f060b4828ad9c1b6982a39c04ca3b4d78b8852a3e4d
-
SSDEEP
3072:Sh4DF6p/5yyV2XzlVZg3QBdreedqRxwMHSwSL/i:XDMHydRVZwQBdg46S2
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3000 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 3000 AcroRd32.exe 3000 AcroRd32.exe 3000 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ff7663ab8a44635eda448df0bc78600c_JaffaCakes118.pdf"
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3000
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
3KB
MD5
cc9aad37320e521e3763b83820d49531
SHA1
8820c31c0a1d0da2a63ed3252a68f3586cf854e6
SHA256
57ee9789a413871b3b1bb788707a1e6215cf9c17f405b1d54ace067eb1d48af0
SHA512
3b279da5803b217eaed675e9859188ca6edd0c78ca7c96199d6f9fbbd1c19d72c8459b0ee03cd70cbae8fcacf41811e1d0dae5918c645bd561c4e1afb5be62b0