Analysis
- max time kernel: 121s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 11/05/2024, 07:23
Behavioral task: behavioral1
- Sample: 336b9cb73f1d2f8a9fbb5d430a7c1f85_JaffaCakes118.pdf
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 336b9cb73f1d2f8a9fbb5d430a7c1f85_JaffaCakes118.pdf
- Resource: win10v2004-20240508-en
General
- Target: 336b9cb73f1d2f8a9fbb5d430a7c1f85_JaffaCakes118.pdf
- Size: 76KB
- MD5: 336b9cb73f1d2f8a9fbb5d430a7c1f85
- SHA1: ba3d7cd73475e787f3a3efef252a34a008e2b099
- SHA256: 07b6a871ba9ee181349a913ccf4a1cdeff9670ee1989d7b4b263ef4cc67e7683
- SHA512: 7f6e0be5c1954ead33d5f68196b78e700a4846bcca1187df3789b8577fe0506b5ebd52ca67e644019530603a3d11bb0561cd2b28345debd0e7d49c4e407d7176
- SSDEEP: 1536:KGFRp+ffRqQ1si2buqIG2CaajCGkWJOirY8e7yRRwn6taKaHWcQ63ZylPIz:zFRpmpP6CGkWJ9rY8janHWcpAls
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 552, process AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid 552, process AcroRd32.exe (3 hits)
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\336b9cb73f1d2f8a9fbb5d430a7c1f85_JaffaCakes118.pdf"
  PID: 552
  Signatures: Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
  MD5: d7ec4679962b29e9b7d8f14abeb355eb
  SHA1: 7d3f6180f37af351a10ea82c1cca9fb29d795617
  SHA256: f39fb0859dcf949ecaeffaa70f622675338a5b1355ef7a342cf00dfea6d50ddb
  SHA512: 8f3b45f980f672bd2211fc984430ff5ab5b58993efb8a0d3d0611bc283e9a73b7d6477e6ebbead5cdd16728c463b6a2188634f3f2e92ad1ebc0bdec832a1bd72