Analysis
- max time kernel: 118s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64 arch:x86 image:win7-20240705-en locale:en-us os:windows7-x64 system
- submitted: 12/07/2024, 23:34
Behavioral task: behavioral1
- Sample: 3f5085fb51ecdc5ef600873406f97676_JaffaCakes118.pdf
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: 3f5085fb51ecdc5ef600873406f97676_JaffaCakes118.pdf
- Resource: win10v2004-20240709-en
General
- Target: 3f5085fb51ecdc5ef600873406f97676_JaffaCakes118.pdf
- Size: 83KB
- MD5: 3f5085fb51ecdc5ef600873406f97676
- SHA1: fafe9cfc2eb2f976af7e830eb1fa4893c346e3ea
- SHA256: 25de1a56dab9e0730e0829c1bea9db2d7b59e106cf57f0a9935e466e4a1d9339
- SHA512: f73b33d3b0d33b761e1e8b095d5dbbd6d9db8130b29a5b073b20729aaa7302b72b3e3129e7ef91efd8664edbf8c1333e09eb541ebe8d093f9bf119d24b088528
- SSDEEP: 1536:wa/Cg3H50fB055sdVgYKnGVaDxhxyP8cG2cn+/BOyWO0LhBtJoWcpOmN5b:9CE0pw5sKGUDxhxyP8czFpOA0LhJzmr
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid | Process
  2540 | AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid | Process
  2540 | AcroRd32.exe
  2540 | AcroRd32.exe
  2540 | AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3f5085fb51ecdc5ef600873406f97676_JaffaCakes118.pdf"
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID: 2540
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
  MD5: 7cd57a26339701e2a04fe68f8677678e
  SHA1: 45be6ba5fdbcd21b6cac7434df6b078b3fe8abb4
  SHA256: e7961a003ba9d387bc8f7b7c928f6903ea80b381a26a3626c2351fcda2d6a83f
  SHA512: 4b50f15bcd9a6cba58e5c503fa73f0b22b89ee1b45baa731f3963d6106d5d0d7560989dd115425a019b0c11118ed05b162d1f437f73fa291aa94088f6b638c6b