Analysis
- max time kernel: 120s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 14/06/2024, 07:20
Behavioral task
behavioral1
Sample
a87f20594bfe21e78050788977d8491e_JaffaCakes118.pdf
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
a87f20594bfe21e78050788977d8491e_JaffaCakes118.pdf
Resource
win10v2004-20240508-en
General
- Target: a87f20594bfe21e78050788977d8491e_JaffaCakes118.pdf
- Size: 35KB
- MD5: a87f20594bfe21e78050788977d8491e
- SHA1: 515be6b2ff657571cf03a6f415725566e4748334
- SHA256: 2440659445ab11e74f47145b76998b222b40f372fef31e060c149f952c621f1e
- SHA512: b01fe888c0c59c36f9a70962c8c4e0ebef4de6743a6416d4655ab3102ceb39696a228e25cdb08edd33fff6ef09898ba346c00395b96df1a77a6bdd44b83a26f0
- SSDEEP: 768:DfTItbpLHARl2/pjxwfDigK3JByW1KhO201TaVBV8i31qPVVsGjmceE5NXuMZmwK:zUbpLHARlcTeeg8byW1KhO201TsBV8iv
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid   Process
  1728  AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid   Process
  1728  AcroRd32.exe
  1728  AcroRd32.exe
  1728  AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a87f20594bfe21e78050788977d8491e_JaffaCakes118.pdf"
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID: 1728
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
  MD5: 5d66e41192891b0d4c9679f51406433f
  SHA1: b4202e342ede7af4408976c80012aa5c7d7db405
  SHA256: 93e6791b0f1a8b9b24bdd8366b245a61f22420b3286edda630cd11e92d1ced2c
  SHA512: 4bc0b675aca3631e759df57b33cfe89d07dbaab7aa92ea2b454a99461baca50abad65cfb4e10ce4c95b29bfcf1ef54e2d56f1084955103365b45ad306505d463