Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
11/05/2024, 16:24
Behavioral task
behavioral1
Sample
357cc2003819ff5e160b31c36dad886b_JaffaCakes118.pdf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
357cc2003819ff5e160b31c36dad886b_JaffaCakes118.pdf
Resource
win10v2004-20240508-en
General
-
Target
357cc2003819ff5e160b31c36dad886b_JaffaCakes118.pdf
-
Size
53KB
-
MD5
357cc2003819ff5e160b31c36dad886b
-
SHA1
bde8d76c2320ab34b5c69fa3f6856d89bbbecd1e
-
SHA256
c9b7a3376ca2dd6f8e2d1443df97ba99250ad3cb826c0b5c113807c2e96b0010
-
SHA512
16649f733eb1c56429a800e128cfd10d026bdbcd96cac81c94dabbd754b142f2eace8f9717abe37e1ca4d8a85a7dc8fe9de6bf6d16420c034a0a0420ddbef050
-
SSDEEP
1536:fGF9pYtfqUC/I8jyBB+tLrLgvKLdYSNksdYjua:OF9pxI8ygLHgvKeS7a
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1908 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 1908 AcroRd32.exe 1908 AcroRd32.exe 1908 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\357cc2003819ff5e160b31c36dad886b_JaffaCakes118.pdf"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1908
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD50d312f3445d9e1074e30bc307cf383db
SHA160cd342126068d378b3173c849f2974e23840615
SHA256bc36d522b1f63cdeb6010671e9f9021a37104ce50ab92579dd1b1c7e0cad22b0
SHA5124ea0bc02a5c626b20a450889657137f7fd14dd2e2efb60020e29f53cb447c7bc603bcd9f40058d87d683a066149a47af192079c3e246904cd351e633bb76b293