Analysis
- max time kernel: 122s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 27/04/2024, 07:22
Behavioral task: behavioral1
- Sample: 02b6b2a489064005e6465a49e256c7a0_JaffaCakes118.pdf
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 02b6b2a489064005e6465a49e256c7a0_JaffaCakes118.pdf
- Resource: win10v2004-20240419-en
General
- Target: 02b6b2a489064005e6465a49e256c7a0_JaffaCakes118.pdf
- Size: 345KB
- MD5: 02b6b2a489064005e6465a49e256c7a0
- SHA1: 673f8f916f5bcdc7ea2913b2d7005cf7bedb521e
- SHA256: 4ef10dde9e331100c2f699f90b9dc5382dee656942b8fe18cd662fed61ee93a2
- SHA512: f981826724d4122973fc1c441b839da957a94c8e0681db4d5f5b0755a32a393e1face260a45dab6eade6044f0c50f17e19d21fc0a5f0f9af038a01fa92bb3357
- SSDEEP: 6144:wd2lc6ag3FkQ/rGO5nD4S8lFAkddK4enqMbhxJBiNC9YxMcHOyXD4V9erCKyPlD:jlcPm/rGO5nD4SIAkdhwqMbXrGfxMwOl
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid 3048, process AcroRd32.exe
- Suspicious use of SetWindowsHookEx (4 IoCs)
  pid 3048, process AcroRd32.exe (4 entries)
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (PID: 3048)
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\02b6b2a489064005e6465a49e256c7a0_JaffaCakes118.pdf"
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
- MD5: 6374b8968361d97f6e7fa8a82a495847
- SHA1: 6e51e2be4ee23f7447b26f0ead85e5c3b23fff82
- SHA256: df83b06d0332f5d2a946ef40010514bade44b941e7d56a139ca71aa7edb08e09
- SHA512: 89d42a94c719eb03699f0e2af74cf27e2433a4b51609bb4c3bbb00e06fa9bcf335eaad1386a6a0d35b2e2098be1485714e5903fc89959586e5cb62f54c300f87