Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 117s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 01/05/2024, 14:51
Behavioral task: behavioral1
- Sample: 0c15b47820913f302a705b32f3b6814b_JaffaCakes118.pdf
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 0c15b47820913f302a705b32f3b6814b_JaffaCakes118.pdf
- Resource: win10v2004-20240419-en
General
- Target: 0c15b47820913f302a705b32f3b6814b_JaffaCakes118.pdf
- Size: 32KB
- MD5: 0c15b47820913f302a705b32f3b6814b
- SHA1: f3153179126a735a3a9466be68a636d2504c077b
- SHA256: 6ff7093dbbcd241be4f153e97c1e1be7a91445dd1040a5687edc4ce9a9e24b0b
- SHA512: 867a3ca363abba17deca52f062696f1ac3cb159f0a0ee6c9ab6106f34017b4053daeb093dfa61a19d3af834299303b34db3abdd2c2a3ffad282b8f65f320e463
- SSDEEP: 768:j4klGQbeRxH3dRZM9k4lH1lJ5EtV/OrXTP/ylBl7UQinVKE57XuMZmwgCLWarnN4:j4sGQbeRxH3dRZM9k4lH1lJ5EtV/WXTQ
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 1540, process AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid 1540, process AcroRd32.exe (3 occurrences)
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (PID: 1540)
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\0c15b47820913f302a705b32f3b6814b_JaffaCakes118.pdf"
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
- MD5: 498ba04e6999c5b912b10aec1659bf30
- SHA1: b8ad40598b8da3692ae5fb3ca5111386b0889fc3
- SHA256: 66bbfbcdab910198accfe51d82cb12a142fb1decf5216d26725d6f0aa93c8883
- SHA512: d257061deba3b95858050e97d2b05761cf82afd7a2fb67a0dc17d5aed9d482849dffc0b496b7c68e3a9c0f261150a71b347acc548553cecb7344b1001accc745