Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 10/07/2024, 18:43
Behavioral task: behavioral1
Sample: 35ee8973b7c328ff2ebece560b22ecf5_JaffaCakes118.pdf
Resource: win7-20240708-en
3 signatures
150 seconds
Behavioral task: behavioral2
Sample: 35ee8973b7c328ff2ebece560b22ecf5_JaffaCakes118.pdf
Resource: win10v2004-20240709-en
6 signatures
150 seconds
General
Target: 35ee8973b7c328ff2ebece560b22ecf5_JaffaCakes118.pdf
Size: 15KB
MD5
35ee8973b7c328ff2ebece560b22ecf5
SHA1
caed04d0a7e7fe23160a63345dbfed92528a0251
SHA256
c6a3fd604fbdcd1f95c68627ac3b401137cec25a3ac06c2688d3ace2ac49983f
SHA512
15fde513ba04c0833f319b8c2742a7364c8577d5ded4931da81a6815528ea414478639c34df48dd7fc1bbeef5599b87cbc8f66dbfed440fef5f4a4ee7bc6d34b
SSDEEP
384:4ONyCeewIjJiziuY4e2RwHljWp+TnJOBvBYL5IiUtPgOaQ8tkx9pDqxzqMaqpHIJ:n87wTguLz6ghQLxCEyVIkJfip
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
  pid    pid_target    Process        procid_target
  2704   2364          WerFault.exe   29
Suspicious use of SetWindowsHookEx (3 IoCs)
  pid    Process
  2364   AcroRd32.exe
  2364   AcroRd32.exe
  2364   AcroRd32.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                         pid    Process        procid_target
  PID 2364 wrote to memory of 2704    2364   AcroRd32.exe   30
  PID 2364 wrote to memory of 2704    2364   AcroRd32.exe   30
  PID 2364 wrote to memory of 2704    2364   AcroRd32.exe   30
  PID 2364 wrote to memory of 2704    2364   AcroRd32.exe   30
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\35ee8973b7c328ff2ebece560b22ecf5_JaffaCakes118.pdf"
  PID: 2364
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 760
      PID: 2704
      - Program crash