Analysis
max time kernel: 120s
max time network: 120s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 03/07/2024, 05:10
Behavioral task: behavioral1
Sample: 212c8cb1638cf96d84a6eee88d69ac9e_JaffaCakes118.pdf
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 212c8cb1638cf96d84a6eee88d69ac9e_JaffaCakes118.pdf
Resource: win10v2004-20240508-en
General
Target: 212c8cb1638cf96d84a6eee88d69ac9e_JaffaCakes118.pdf
Size: 83KB
MD5: 212c8cb1638cf96d84a6eee88d69ac9e
SHA1: b96f3c3500825713a7d53a97b5dcd19b6c7b7631
SHA256: 6f8c7db464dba934aec2b8c47d4a87a5bc25fa9e01c67c1ef56840ac06da5a6d
SHA512: 0293cddac37c77418fa5a33c33b7bc445b6f86de3180f2f8c85de7f0acb58e30073b8f752f836ebfd6eb3962455231e6704654ff991e8580f24f858d2c889b63
SSDEEP: 1536:5ByWDwrr+DM1vPkrbgBPO3D7heYYaJnr6IBrvCeWmWIDSTb72MwW8pO7+TDDk:Twrr+DM1vPkYQGaJr6IBGw+baMb7+T8
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid 2480, process AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid 2480, process AcroRd32.exe (3 occurrences)
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\212c8cb1638cf96d84a6eee88d69ac9e_JaffaCakes118.pdf"
PID: 2480
Signatures: Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: 3381d8daac8e0188c35f6b3bad0d3d86
SHA1: b2cc5446c7e58111d9464986fffb0dc32529ff66
SHA256: db29d3dda1347425f2ec3eec422c1114a627642c5c80d69d823e881495f76ac1
SHA512: e678f282d35814888d6d0d47725c8a7782f6c58cf1bad72c4e5b7f34c5b821f2fc806536fa9a822f4727004d52dd52539bc791fee04eeba2dac4fc5455f76f6c