Analysis
- max time kernel: 120s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20240611-en
- resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
- submitted: 20/06/2024, 04:20
Behavioral task: behavioral1
- Sample: 02c1c67c85f5923d16c4153260223772_JaffaCakes118.pdf
- Resource: win7-20240611-en
- 3 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 02c1c67c85f5923d16c4153260223772_JaffaCakes118.pdf
- Resource: win10v2004-20240611-en
- 6 signatures
- 150 seconds
General
- Target: 02c1c67c85f5923d16c4153260223772_JaffaCakes118.pdf
- Size: 16KB
- MD5: 02c1c67c85f5923d16c4153260223772
- SHA1: 86844a98f53f855f8865d2a71d55a16c90f02924
- SHA256: c9a0908ac1a6462a6e91042ec381d349553e1e17af4e898bfa7c75c5c4b58404
- SHA512: fa409bb45e4c41c71aa8c0a2ef8e994dfae4f5cc56bb7ce62ee0588e8871164d48f9c3395528694de72f60dec4b969877feeb76c44d38a2bfd4256afea79002f
- SSDEEP: 384:4ONyCeewIjJizSZfy2Bk3icAG96xMzj6jmwyuFfxMzH9HQCQYzSnQVEv:zcZoEExFotVS
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
    pid   pid_target  Process       procid_target
    3068  2020        WerFault.exe  27
- Suspicious use of SetWindowsHookEx (3 IoCs)
    pid   Process
    2020  AcroRd32.exe
    2020  AcroRd32.exe
    2020  AcroRd32.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
    description                      pid   Process       procid_target
    PID 2020 wrote to memory of 3068  2020  AcroRd32.exe  28
    PID 2020 wrote to memory of 3068  2020  AcroRd32.exe  28
    PID 2020 wrote to memory of 3068  2020  AcroRd32.exe  28
    PID 2020 wrote to memory of 3068  2020  AcroRd32.exe  28
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\02c1c67c85f5923d16c4153260223772_JaffaCakes118.pdf"
    PID: 2020
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe (child of PID 2020)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 760
      PID: 3068
      - Program crash