Analysis
max time kernel: 117s
max time network: 117s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 10/05/2024, 14:38
Behavioral task: behavioral1
Sample: 2f9c718e1f5937e6a32df53192883c76_JaffaCakes118.pdf
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 2f9c718e1f5937e6a32df53192883c76_JaffaCakes118.pdf
Resource: win10v2004-20240508-en
General
Target: 2f9c718e1f5937e6a32df53192883c76_JaffaCakes118.pdf
Size: 42KB
MD5: 2f9c718e1f5937e6a32df53192883c76
SHA1: 8ecbbb0a3f59430574c03241f43521e0e236d6f1
SHA256: 6fe06b658596b02f08a4d50e7c22656dfd265fe2f6d03694cb4a8c34e7bef2b5
SHA512: 8411b6c1e619ae9118368b226c146cb052f80c24773e09db5a152c225f7ddcdd72349eb5b32a860a2e17e8f1e3288872b6787425478ae00aa9f7cc07c79aa58c
SSDEEP: 768:8ahNtM/nKLFWY/ILsZMnhxQndcFEqnUZMWHY+7qPxIVpBqmE55XuMZmwgCLWariW:NhDM/nKLIY/ILsZMnhxQndcFEyUZMWHU
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid 2972, Process AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid 2972, Process AcroRd32.exe
  pid 2972, Process AcroRd32.exe
  pid 2972, Process AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2f9c718e1f5937e6a32df53192883c76_JaffaCakes118.pdf"
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 2972
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: 5e301072c20d5e203a74719fc4943660
SHA1: 0dfc1df91b7a6c70daaef08f14b9dcca727cd234
SHA256: 29302199923e619fdf624517648b6f5f0053f86d414ae3db1fbe1ed5193d7386
SHA512: ce40bd2762197354c93a0e9bdf49a7fdb05ada6c9cbc3dee7183a09623bb19a0da12bbefc71b442926b4186f103bd1f5c7bf1b7906c69355c5adeea1690d84f6