Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 31/05/2024, 16:03
Behavioral task: behavioral1
Sample: 8791f56a042c727276385b7f53a99365_JaffaCakes118.pdf
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 8791f56a042c727276385b7f53a99365_JaffaCakes118.pdf
Resource: win10v2004-20240508-en
General
Target: 8791f56a042c727276385b7f53a99365_JaffaCakes118.pdf
Size: 45KB
MD5: 8791f56a042c727276385b7f53a99365
SHA1: b47cc6db836e717a1e8804f7f8aad12243e1df27
SHA256: 3716d656ad6e4e87b65a225200e9cfbc85ae1cbe2a5e88e34fe8a8c55c58b126
SHA512: a9f9c829fd9610cd46c3651458c9e1a6ba41e2f9f4d52f348d8b95fd49b57d2000ee281118a73e9bdbe07a7ce59aabce06b3c75e66683062f93ab362e5fc5a72
SSDEEP: 768:2gGzpD2eucc8spi+c3OUtEG7fzkPig4W4O/bTRZTqoegkBXljqpEPvQ5PEZ2ku56:jGFKeunPblHbTRpf3iX8pKv8PkpuXZ63
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid    Process
2372   AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid    Process
2372   AcroRd32.exe
2372   AcroRd32.exe
2372   AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8791f56a042c727276385b7f53a99365_JaffaCakes118.pdf"
PID: 2372
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Downloads
Filesize: 3KB
MD5: 6bb5c39a39a868a1e930e3b38898951f
SHA1: c2332cc6e3c79dd823b82249c062aa5c8cfed428
SHA256: 57c8a1e0cdc91768fbd6832d666875171d9c0091f2ada7242618b79641251d6a
SHA512: c056d045bca18b76f01f01997a68f0cbcdde316389403cd899c4b1ae68803bd45b8b0a00be9fbb989a8f1fa62b6aa1adbf44f9bf44e83b243492f2c12b4b3bee