Analysis
max time kernel: 121s
max time network: 123s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 09/07/2024, 01:34
Behavioral task: behavioral1
Sample: 2e8c1e8beb255afd2034e307e36ab4d0_JaffaCakes118.pdf
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 2e8c1e8beb255afd2034e307e36ab4d0_JaffaCakes118.pdf
Resource: win10v2004-20240708-en
General
Target: 2e8c1e8beb255afd2034e307e36ab4d0_JaffaCakes118.pdf
Size: 93KB
MD5: 2e8c1e8beb255afd2034e307e36ab4d0
SHA1: 6f0ea8e569bbdceb2cf00ab3ec762028b7811d66
SHA256: 6ec5ae089d7b4a285a17c14b3de4fd0afb58e04222cf10221395f9e589dcc188
SHA512: 733a33a3ba05b4e0cc03200a7cea9d358c0c84b17ae28cfb10e987dcaf32789059d444f90a35457656cc2e1ea35a998c8109e34b55b34e754ec638a379edb755
SSDEEP: 1536:+ZTs/kNHltMSuP/bsQ7BpWvp5czVkHD6nPVebnN2O/dvquBlOM8S1JXWspORGWd2:qQIFtMSCsQ7XWHCVLnPV6QO/1qUAY1Jr
Malware Config

Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  PID 804, Process AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
  PID 804, Process AcroRd32.exe
  PID 804, Process AcroRd32.exe
  PID 804, Process AcroRd32.exe
Processes
Image: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2e8c1e8beb255afd2034e307e36ab4d0_JaffaCakes118.pdf"
PID: 804
Signatures:
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: 16d728b3cd78e685eba99b1a486c7539
SHA1: 8b3b97d519e7032435d9b4d69a1aba48fc877717
SHA256: 55a90261cd572aa902628c9c95f39748135f261e9df152358c4d20bc9feaf50c
SHA512: e307fb8ccb211758f97e8d0412ea4c5d3a2b6a9d3f80f151a5c319a19b18272b0365ab3b08fce8b7360d3cf6f3cde87ae7b998dc318a75903c6ceb6a7d0dd334