Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240215-en
- resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
- submitted: 05/05/2024, 05:31
Behavioral task: behavioral1
- Sample: 16318127befdaccf1eb9a2dcfbcd5f89_JaffaCakes118.pdf
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 16318127befdaccf1eb9a2dcfbcd5f89_JaffaCakes118.pdf
- Resource: win10v2004-20240419-en
General
- Target: 16318127befdaccf1eb9a2dcfbcd5f89_JaffaCakes118.pdf
- Size: 31KB
- MD5: 16318127befdaccf1eb9a2dcfbcd5f89
- SHA1: e55e90552f2dda40d5368d8e37a33fc322c36552
- SHA256: 4c089cb65d8ca75a7d6fc167ae85ac35ec9945a176bc6cac23126219373ac9a0
- SHA512: a0d2c874c9b9743d598235e902535fcf325996227c5c952fd69a2228424fc2a59c934c5772aa41bad36fa9fe41251fe32946d624551541458df67975f80caa03
- SSDEEP: 768:JXuMZmwgCLWarROUSd6kxUgCuPAU8KIBgSg+zvcXP:JXFZmGWSi6kyr6z7ShgP
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 1660, process AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid 1660, process AcroRd32.exe
  pid 1660, process AcroRd32.exe
  pid 1660, process AcroRd32.exe
Processes
- Image: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\16318127befdaccf1eb9a2dcfbcd5f89_JaffaCakes118.pdf"
  PID: 1660
  Signatures: Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx
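Both signatures above fire on the reader process itself (pid 1660), and GUI applications commonly install window hooks and poll the foreground window for legitimate reasons, so on their own these two rules are low-confidence indicators. The following is an added example, not tria.ge's own signature code, showing how such behavioural rules are typically derived from a per-process API call trace and how the IoC counts in the report come about (one IoC per process over a call-count threshold for GetForegroundWindowSpam, one IoC per SetWindowsHookEx call for the hook rule). The trace format, the threshold of 100 calls, the helper names and the sample trace are all assumptions; Triage's real rule logic and cut-offs are not given on this page.

```python
from collections import Counter

# Windows hook type constants from WinUser.h, used to label hook installs.
HOOK_NAMES = {2: "WH_KEYBOARD", 3: "WH_GETMESSAGE", 4: "WH_CALLWNDPROC",
              7: "WH_MOUSE", 13: "WH_KEYBOARD_LL", 14: "WH_MOUSE_LL"}
INPUT_HOOKS = {"WH_KEYBOARD", "WH_KEYBOARD_LL", "WH_MOUSE", "WH_MOUSE_LL"}

# Assumed threshold: the report only shows that the rule fired, not its cut-off.
FOREGROUND_SPAM_THRESHOLD = 100

# Constructed API trace of (pid, process, api, args) tuples. Modelled on a PDF
# reader opening the submitted document; NOT captured from the real sandbox run.
SAMPLE_TRACE = (
    [(1660, "AcroRd32.exe", "SetWindowsHookEx", {"idHook": 2}),
     (1660, "AcroRd32.exe", "SetWindowsHookEx", {"idHook": 3}),
     (1660, "AcroRd32.exe", "SetWindowsHookEx", {"idHook": 4})]
    + [(1660, "AcroRd32.exe", "GetForegroundWindow", {})] * 150
    + [(2200, "explorer.exe", "GetForegroundWindow", {})] * 5
    + [(2200, "explorer.exe", "SetWindowsHookEx", {"idHook": 4})]
)


def get_foreground_window_spam(trace, threshold=FOREGROUND_SPAM_THRESHOLD):
    """One IoC per process that calls GetForegroundWindow more than `threshold` times.

    Tight GetForegroundWindow polling is a common way for a sample to wait for
    user interaction, or to notice its absence inside a sandbox, before acting.
    """
    calls = Counter((pid, proc) for pid, proc, api, _ in trace
                    if api == "GetForegroundWindow")
    return [{"pid": pid, "process": proc, "calls": n}
            for (pid, proc), n in sorted(calls.items()) if n > threshold]


def suspicious_set_windows_hook_ex(trace):
    """One IoC per SetWindowsHookEx call, so a process installing three hooks
    yields three IoCs (which is how the report reaches '3 IoCs' for pid 1660).

    Keyboard and mouse hooks are the classic keylogger primitive, so each IoC
    also records whether the hook type captures user input.
    """
    iocs = []
    for pid, proc, api, args in trace:
        if api != "SetWindowsHookEx":
            continue
        hook_id = args.get("idHook")
        hook = HOOK_NAMES.get(hook_id, f"WH_{hook_id}")
        iocs.append({"pid": pid, "process": proc, "hook": hook,
                     "input_hook": hook in INPUT_HOOKS})
    return iocs


def run_signatures(trace):
    """Evaluate both rules; return only the ones that fired, keyed by report name."""
    results = {
        "Suspicious behavior: GetForegroundWindowSpam": get_foreground_window_spam(trace),
        "Suspicious use of SetWindowsHookEx": suspicious_set_windows_hook_ex(trace),
    }
    return {name: iocs for name, iocs in results.items() if iocs}


def format_report(results):
    """Render in the shape of the Signatures section: name, IoC count, then one
    pid/process line per IoC."""
    lines = []
    for name, iocs in results.items():
        lines.append(f"{name} {len(iocs)} IoCs")
        for ioc in iocs:
            detail = f" {ioc['hook']}" if "hook" in ioc else f" calls={ioc['calls']}"
            lines.append(f"  pid {ioc['pid']} {ioc['process']}{detail}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(run_signatures(SAMPLE_TRACE)))
```

When triaging a report like this one, the useful follow-up is to check which hook types were installed (an input hook from a document reader is far more interesting than a WH_CALLWNDPROC filter) and whether the spam rule fired alongside any network, file-drop or child-process activity; here the Network section is empty and no config was extracted, so the two signatures by themselves do not establish that the PDF is malicious.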
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
- MD5: c01d68baa8383574a6aafbfd2208824f
- SHA1: afd4a7766503742f7bebd962d34b35643751fa34
- SHA256: 78caedb52819de809346cdd6aa5c29bdc3e9218325aab888af197d8a1aa37c50
- SHA512: 8ceea3df0c7160e10fe546e3175689973d50ba8d0502a018622bed7d886adc52897bf14b87478b6cfb44c66988cae8dfcaf0c591ff0f7f597da3cb083a226a30