Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 15/05/2024, 00:01
Behavioral task: behavioral1
Sample: 43ae65d87fd8e76de3330eff232caea8_JaffaCakes118.pdf
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 43ae65d87fd8e76de3330eff232caea8_JaffaCakes118.pdf
Resource: win10v2004-20240426-en
General
Target: 43ae65d87fd8e76de3330eff232caea8_JaffaCakes118.pdf
Size: 40KB
MD5: 43ae65d87fd8e76de3330eff232caea8
SHA1: 9571e849c611689e9b88e04ca035b98542dbf926
SHA256: a3365a58d2d2d335df08086a0de9ae8e68ffcda4170879b63d3527d373b93c2e
SHA512: ee4f7839fd9ead913098560189b9f014cf2bf94bb270e7bbbd391a0d12d1f4668a78e5b91f67e73af445f942c1a7b77f5cb4d7c0e9fe9a35e1c7064a5409df54
SSDEEP: 768:pJiQGzPXour39XbF+89scZsD/fojZOkdPR6CmosqrVnaIu+Wd8H+NPbbwrJYqk:7JGzPXR3wo5PR6CmQpnBnWdFbwrJYqk
Malware Config
(none)

Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid 3048, process AcroRd32.exe

Suspicious use of SetWindowsHookEx (3 IoCs)
pid 3048, process AcroRd32.exe (three occurrences)
Processes
Process 1: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\43ae65d87fd8e76de3330eff232caea8_JaffaCakes118.pdf"
PID: 3048
Signatures: Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: 456d5e0fd022cadc4f5aed44782a0630
SHA1: 4a4fd8867a4dee1580ec89f306358e0a7f7f19d8
SHA256: 115cc8b74aaa1a3bb85a026f4129aa572a4f621e44c130586d283e85f1d911aa
SHA512: 5bc563858f0b96d82b0f9aba90046b323d0f55ed3869e8449381afa48c6902a00384d38f027a05eb17e3d4d2f44f1e527662e0730068220b70692f6646803b26