Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240215-en
- resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
- submitted: 30/05/2024, 23:43
Behavioral task: behavioral1
- Sample: 8551aa61bf416e039215924fd66dfb1b_JaffaCakes118.pdf
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 8551aa61bf416e039215924fd66dfb1b_JaffaCakes118.pdf
- Resource: win10v2004-20240508-en
General
- Target: 8551aa61bf416e039215924fd66dfb1b_JaffaCakes118.pdf
- Size: 50KB
- MD5: 8551aa61bf416e039215924fd66dfb1b
- SHA1: 44cfa7a761c699d7e509f276032e9e196fce5f6c
- SHA256: 858a09ebc8849409490ccd30c3f73bbe766c27707330e61e48fe90a5bffec8be
- SHA512: 20b425d6626bb57c033eaac4d2738d45853a5baa4bfb2d51245b49d2bb164e7317a60a28a52d2303a8ef3b22fba9efe5099d98a199d01fa6db9c1dd473f685f6
- SSDEEP: 768:UgGzpD2pCUZx3Qqrfm3+KjPTrC9Z6rzxjI1bSUEsrP9AKFVzAq28Iy8Zy720b:hGF6pFmuCbccr1PCVzh2Vy8Zy720b
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid   Process
  2952  AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid   Process
  2952  AcroRd32.exe
  2952  AcroRd32.exe
  2952  AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8551aa61bf416e039215924fd66dfb1b_JaffaCakes118.pdf"
  PID: 2952
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
- MD5: 33c05347f6013462bdf99ec77f04a3b0
- SHA1: a3b06f2be7275069291f5d522dd0015c6c3ee188
- SHA256: ac7a61770b65984147cb8fdf5fde3e447040ec025028db3e39a49055e96a04da
- SHA512: 9e442c7cbe9ef733c4fd46da5f2f6b742ac87d06bfc7bbc6eb6ea71d1d4a0fb8128961b8347ee5f62b2ed30568d8a982ad46ca084d8624cbca86981770df7e39