Analysis
- max time kernel: 16s
- max time network: 18s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 15/07/2024, 12:37
Behavioral task: behavioral1
- Sample: 49cfa73a76f04572d7c31f885045fa38_JaffaCakes118.pdf
- Resource: win7-20240705-en
- 3 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 49cfa73a76f04572d7c31f885045fa38_JaffaCakes118.pdf
- Resource: win10v2004-20240704-en
- 6 signatures
- 150 seconds
General
- Target: 49cfa73a76f04572d7c31f885045fa38_JaffaCakes118.pdf
- Size: 4KB
- MD5: 49cfa73a76f04572d7c31f885045fa38
- SHA1: 21de706c1f6a7698729943ef5ff9e54953531130
- SHA256: e808182f9866ace0428f492c6a2b14d2867d71a91be0f1f4fd3acfb24434a2c0
- SHA512: b80069e8d7c8e446e149a87b63fcfb1032b71126d4670ac3e4844b3239f190b74d8397c89405e9c8ffde1de7226a105a495896ee894b1fb519ee084cca6b9383
- SSDEEP: 96:rDg51RORkrqkYrxwIyrEEQ+YiDVMCJD2mwouUX64fx8scx8bh7ZMPytPG/5G:f+1ROqrqkYrxwIkEP0qC2mg4fx8C
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  pid    pid_target    Process         procid_target
  2200   3052          WerFault.exe    29
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid    Process
  3052   AcroRd32.exe
  3052   AcroRd32.exe
  3052   AcroRd32.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                          pid    Process         procid_target
  PID 3052 wrote to memory of 2200     3052   AcroRd32.exe    30
  PID 3052 wrote to memory of 2200     3052   AcroRd32.exe    30
  PID 3052 wrote to memory of 2200     3052   AcroRd32.exe    30
  PID 3052 wrote to memory of 2200     3052   AcroRd32.exe    30
Processes
1. C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
   Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\49cfa73a76f04572d7c31f885045fa38_JaffaCakes118.pdf"
   PID: 3052
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
2. C:\Windows\SysWOW64\WerFault.exe
   Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 744
   PID: 2200
   - Program crash