Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
10/06/2024, 22:02
Behavioral task
behavioral1
Sample
9c1500a5054f898c50515dfc423c9942_JaffaCakes118.pdf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9c1500a5054f898c50515dfc423c9942_JaffaCakes118.pdf
Resource
win10v2004-20240508-en
General
-
Target
9c1500a5054f898c50515dfc423c9942_JaffaCakes118.pdf
-
Size
59KB
-
MD5
9c1500a5054f898c50515dfc423c9942
-
SHA1
d6dec51c31c3188262224b8b4b5b7179892acbb1
-
SHA256
49b65380051854cd797556c771690215a24519f2c11e47b8ba95ec8029ab4b6a
-
SHA512
5c3d4013716ae34c54264bd326e0f619f1c7ac4f0cdae793449dbc414682819617888902e9c91a3ab8f4ac7ddf2cfc7206adce51454203edac4e75df3bb06e01
-
SSDEEP
1536:/GFVo3LeV+MV52KrMyWDkNGGreFKYl2nSvScZadpsb:uFV6s12KdkweFKYUSLodq
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1740 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 1740 AcroRd32.exe 1740 AcroRd32.exe 1740 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\9c1500a5054f898c50515dfc423c9942_JaffaCakes118.pdf"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1740
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5ca91c38ab76857edf2886e5052d8cd44
SHA107d6a5ef814476b94ecc49a86729a8d8152806a4
SHA25670df6dbc1a6a2073b2e004961253ba75778c2f3624fba0f91ab2beab6c1e5c83
SHA512a09786c636bd1dba7763a05f6884904aaf8f16f2155b7d9381a2641614eeeaa490582529c66504e9460730a340e5b01b4168f38dc76d035610b4a865233275bc