Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 16/06/2024, 21:37
Behavioral task: behavioral1
Sample: b552e6452980c69e0fc68ec8c75b05fa_JaffaCakes118.pdf
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: b552e6452980c69e0fc68ec8c75b05fa_JaffaCakes118.pdf
Resource: win10v2004-20240226-en
General
Target: b552e6452980c69e0fc68ec8c75b05fa_JaffaCakes118.pdf
Size: 187KB
MD5: b552e6452980c69e0fc68ec8c75b05fa
SHA1: 11f265e17af86b9145c1aa7252b59d4fa70de9d0
SHA256: 6a7bd80419eafa4d5989d10f655325266c39c3a3ac0757d299921d2c35a8090e
SHA512: 3955b93bdce6f648b8a870e2c8282939766179a6eff680405cd4f64db142e067abf57ee9152d370dcb13d768a5214def07e56bcfbbdc2f4b651a720832b48336
SSDEEP: 3072:t2irbxzGAFYDMxud7fKg3dXVmbOn5ug6Kjnx17gQ0Qw5o4fXYFSGxSh:t2MKlWQ7Sg3d4bOhz8LSoY8
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid: 1728, process: AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid: 1728, process: AcroRd32.exe
pid: 1728, process: AcroRd32.exe
pid: 1728, process: AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\b552e6452980c69e0fc68ec8c75b05fa_JaffaCakes118.pdf"
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 1728
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: 49bfba59e02c29dc58af40829a058c36
SHA1: 7195df58d7e68b676bd74406dab28860106e59ea
SHA256: 6ecd81c2844286902f0c2a7ea4e5999a743f0546ce84a75f30ef9b7333f5b93c
SHA512: eac642ab3fc1d013d4523e85f2a47c05af93f3d50a92400e910fd6bdfdb87ac548de18558830a8f9a8424e65aa4dc3040f4d0107207dff1a62fa41252b2e8716