Analysis
- max time kernel: 118s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 16/06/2024, 13:34
Behavioral task behavioral1
- Sample: b3c53e79babbe5fad670699f0ab5d570_JaffaCakes118.pdf
- Resource: win7-20240221-en
Behavioral task behavioral2
- Sample: b3c53e79babbe5fad670699f0ab5d570_JaffaCakes118.pdf
- Resource: win10v2004-20240508-en
General
- Target: b3c53e79babbe5fad670699f0ab5d570_JaffaCakes118.pdf
- Size: 52KB
- MD5: b3c53e79babbe5fad670699f0ab5d570
- SHA1: 030e04176705b5220e23cd0e5659261d438ec728
- SHA256: b3492953400083e09ea7e4e2428a1225c4bcd7ac829da5a3407697d57582a62c
- SHA512: e7b5f26955f7b245a2c55536ffb2ed270f482b8b2484feb33be62661c6c5141f251d4cd0f149f89da476abc4eec5b79ee0e52b3d2867b8e1be745e4bb2ad3134
- SSDEEP: 1536:sGFiZ5zJ0LiufRTNg9sdjqW0noKX12X1ZocNO:JFi79crpN0UjTIJzL
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  - pid 2924, Process AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  - pid 2924, Process AcroRd32.exe
  - pid 2924, Process AcroRd32.exe
  - pid 2924, Process AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  - Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\b3c53e79babbe5fad670699f0ab5d570_JaffaCakes118.pdf"
  - PID: 2924
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
- MD5: 041dffb25325b57c651c97fd7fa67ad8
- SHA1: bcd57e3dad5bc5d345bcf4d9da27de364eb46dd3
- SHA256: d95d633f0ea3976130637a685c4e8707ccbd0d0d01ed2597d36861987b62731d
- SHA512: 1a8b61f09bb75710a8820f12ce51faf5c9a22842a77f5df3a5ca15dab21502e3f8fa755ddb01d6c31383a3bdd684fcbdabe98abf79daff26ac9d3c313c186fbf