Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
27/04/2024, 22:10
Behavioral task
behavioral1
Sample
03bc9750b60a5743e00dc2a0a1c1e502_JaffaCakes118.pdf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
03bc9750b60a5743e00dc2a0a1c1e502_JaffaCakes118.pdf
Resource
win10v2004-20240419-en
General
-
Target
03bc9750b60a5743e00dc2a0a1c1e502_JaffaCakes118.pdf
-
Size
54KB
-
MD5
03bc9750b60a5743e00dc2a0a1c1e502
-
SHA1
ea98167c3707cf5955d93d2b214c4a326d6a11c1
-
SHA256
7dcdd140544e1a86aeae9949d3466b23999f0b24670c2066b76c75533add5707
-
SHA512
6abeb1a3a951194c2d5b48cef966ce55458453e0e1bbb7d2364b25f5db75c098fa376af735847e1f1ad875f58cf707e79138f6bbd28a7a1976d4e30ae12d8f4d
-
SSDEEP
768:pgGzpDIOHapyoSeD7nBb/Xo7grQA8DWm3cEhOhIA0MZj2wuZcwB4wlWnlANFmt2d:KGFcOg/X1PLAEjmZcBwlWls0t2d
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid: 2388, Process: AcroRd32.exe
-
Suspicious use of SetWindowsHookEx 3 IoCs
pid: 2388, Process: AcroRd32.exe (listed three times)
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\03bc9750b60a5743e00dc2a0a1c1e502_JaffaCakes118.pdf"
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2388
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
3KB
MD5 506aceb1b5e7888d52ea39a5d1554ca3
SHA1 d0ff3afff3352cffa911ab47e2c4ad44f8905f42
SHA256 9e855c4a879042d80027959d9ff68e09f5c2c119489ad453d68f7463564e126b
SHA512 411b8e35a3ef9a1a82f0869dbf7aa960e83fbca3d4e360a7f2b7abc1ebe91b4b47e530f517ab76623fbe9d4bbdfcfa6945ed7f24491f659c64e71ecd588b4b28