Analysis
max time kernel: 94s
max time network: 18s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 19/07/2024, 07:05
Behavioral task: behavioral1
Sample: 5aeb8ce4c4bbae16b9ee563646522210_JaffaCakes118.pdf
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 5aeb8ce4c4bbae16b9ee563646522210_JaffaCakes118.pdf
Resource: win10v2004-20240709-en
General
Target: 5aeb8ce4c4bbae16b9ee563646522210_JaffaCakes118.pdf
Size: 91KB
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 2508, process AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
  pid 2508, process AcroRd32.exe
  pid 2508, process AcroRd32.exe
  pid 2508, process AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\5aeb8ce4c4bbae16b9ee563646522210_JaffaCakes118.pdf"
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 2508
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB