Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/07/2024, 05:44

General

  • Target

    6a710d6faa1b23b322effe5241ba4962_JaffaCakes118.pdf

  • Size

    9KB

  • MD5

    6a710d6faa1b23b322effe5241ba4962

  • SHA1

    51f5b621c33c6ebe8417c65dc0ac4204b97a6df3

  • SHA256

    541adff5b2e3b89256e32c7a247134a3a459a5efb3af1c13ad265eabf4ad913c

  • SHA512

    925ac2f1e6ef79f78862bb8b8a51fd96b09fe0538535dd55ab73be07ba7cb729b511caf73b16bf74e5b90152c0fe59aed0a93917b4fc713120a97683d4350f02

  • SSDEEP

    192:mPz4ULMxLIKXHszsKXJ+fhpsKQnlXzhKx6uCGWVwCe7dmG7LZfnGMMzf7Koa3V6M:mPz4ULMxLIKXHsAVhHQnl9g6OWyd3nHj

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
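The three signatures above are of two kinds: per-call signatures, where every matching API call is one IoC, and a frequency signature, where a single IoC is raised once a call count crosses a threshold. The report's IoC counts (1, 4 and 1) fit that reading. The script below is an added example by the editor, not tria.ge's signature engine: it runs the same three checks over a constructed "pid api" call trace for PID 2444. The API lists, the spam threshold of 50 and the trace itself are assumptions made for the example; the page names the behaviours but not the exact calls or thresholds behind them.

```python
from collections import Counter

# Constructed API trace for the Adobe Reader process (PID 2444 in the report),
# one "pid api_name" record per line. Sample data written for this example,
# not the sandbox's real call log.
TRACE = (
    "2444 LoadLibraryW\n"
    "2444 GetUserDefaultUILanguage\n"
    "2444 SetWindowsHookExW\n"
    "2444 SetWindowsHookExW\n"
    "2444 SetWindowsHookExW\n"
    "2444 SetWindowsHookExW\n"
    + "2444 GetForegroundWindow\n" * 60
    + "1337 GetForegroundWindow\n" * 5  # another process; must not count for 2444
)

SIG_LANG = "System Location Discovery: System Language Discovery"
SIG_HOOK = "Suspicious use of SetWindowsHookEx"
SIG_FG_SPAM = "Suspicious behavior: GetForegroundWindowSpam"

# Assumed call lists: the report names the behaviours, not the APIs behind them.
LANGUAGE_APIS = {
    "GetSystemDefaultLangID", "GetUserDefaultLangID",
    "GetSystemDefaultUILanguage", "GetUserDefaultUILanguage",
    "GetLocaleInfoA", "GetLocaleInfoW",
}
HOOK_APIS = {"SetWindowsHookExA", "SetWindowsHookExW"}
FOREGROUND_API = "GetForegroundWindow"
FOREGROUND_SPAM_THRESHOLD = 50  # assumed; the real threshold is not on the page


def parse_trace(text):
    """Parse 'pid api' lines into (pid, api) tuples, skipping blank lines."""
    calls = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        pid, api = line.split(maxsplit=1)
        calls.append((int(pid), api))
    return calls


def match_signatures(calls, pid):
    """Map each signature to its IoCs (the matching calls) for one process.

    Per-call signatures keep every matching call as an IoC; the spam
    signature is a frequency check and yields one IoC when the count of
    GetForegroundWindow calls reaches the threshold.
    """
    apis = [api for p, api in calls if p == pid]
    hits = {}
    lang = [a for a in apis if a in LANGUAGE_APIS]
    if lang:
        hits[SIG_LANG] = lang
    hooks = [a for a in apis if a in HOOK_APIS]
    if hooks:
        hits[SIG_HOOK] = hooks
    fg = Counter(apis)[FOREGROUND_API]
    if fg >= FOREGROUND_SPAM_THRESHOLD:
        hits[SIG_FG_SPAM] = [f"{FOREGROUND_API} called {fg} times"]
    return hits


def ioc_counts(hits):
    """Reduce the per-signature IoC lists to the counts a report shows."""
    return {sig: len(iocs) for sig, iocs in hits.items()}


if __name__ == "__main__":
    for sig, n in ioc_counts(match_signatures(parse_trace(TRACE), 2444)).items():
        print(f"{sig}: {n} IoCs")
```

Run stand-alone it prints the three signatures with the same IoC counts as the report. The point to take from the frequency check is that a single call to GetForegroundWindow is normal for a GUI process such as Adobe Reader; only the repetition is suspicious, which is why a threshold rather than a membership test is used there.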

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\6a710d6faa1b23b322effe5241ba4962_JaffaCakes118.pdf"
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2444

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    bd3e49800e202e4a685981bba10e730f

    SHA1

    43036c8a7437bc59b7bd9e2ddfcb0686720c5bf7

    SHA256

    d6cb2e6e6564adc819b40c2f36e5f001c1916755a61c6a569199d51b94d9e5e9

    SHA512

    7c8fa0f2f8d3363a2667727d4e066788bf57ead23e40c39bc5fbb007a43f64beccf760b388cd16dc8609fb1b2f6d1a185783a81588b204fe98be52af2ad9023e

  • memory/2444-0-0x0000000003FF0000-0x0000000004066000-memory.dmp

    Filesize

    472KB
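Two checks worth running on a report like this before relying on it: that a local copy of the sample actually has the hashes listed under General, and that the memory dump's reported size agrees with the address range encoded in its name (here 0x3FF0000 to 0x4066000, a 0x76000-byte region, which is exactly 472 KB). The code below is an added example by the editor, not tria.ge's own tooling. The sample bytes are not on the page, so the hash routine is exercised on constructed input; SSDEEP is left out because it needs the third-party ssdeep module. The filename layout `memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp` is read off the entry above and is an assumption about the naming convention.

```python
import hashlib
import re

# Values copied from the report above.
REPORTED_SAMPLE = {
    "md5": "6a710d6faa1b23b322effe5241ba4962",
    "sha1": "51f5b621c33c6ebe8417c65dc0ac4204b97a6df3",
    "sha256": "541adff5b2e3b89256e32c7a247134a3a459a5efb3af1c13ad265eabf4ad913c",
}
MEMDUMP_NAME = "memory/2444-0-0x0000000003FF0000-0x0000000004066000-memory.dmp"
MEMDUMP_REPORTED_KB = 472


def hash_sample(data: bytes) -> dict:
    """Digest `data` with the same hash set the report lists (minus SSDEEP)."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def verify_sample(data: bytes, reported: dict) -> list:
    """Return the names of reported hashes that do NOT match `data`.

    An empty list means the local file is the one the report describes.
    Comparison is case-insensitive because reports and tools differ on hex case.
    """
    actual = hash_sample(data)
    return [name for name, value in reported.items()
            if actual[name].lower() != value.lower()]


# Assumed layout of the dump filename, taken from the single example on the page.
_DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_memdump_name(name: str) -> dict:
    """Extract PID, dump index and the dumped address range from the filename."""
    m = _DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "index": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def memdump_size_matches(name: str, reported_kb: int) -> tuple:
    """Check the reported KB figure against the range length; return (ok, bytes)."""
    size = parse_memdump_name(name)["size"]
    return size // 1024 == reported_kb, size


if __name__ == "__main__":
    # Constructed stand-in for the sample; a real run would read the PDF from disk.
    local_copy = b"%PDF-1.4 constructed placeholder, not the real sample\n"
    print("mismatched hashes:", verify_sample(local_copy, REPORTED_SAMPLE))
    ok, size = memdump_size_matches(MEMDUMP_NAME, MEMDUMP_REPORTED_KB)
    print(f"dump range is {size:#x} bytes ({size // 1024} KB), matches report: {ok}")
```

Run against a real download of the sample, `verify_sample` should return an empty list; anything else means the file on disk is not the one this report was generated from. The dump check also tells you the region is 0x76000 bytes starting at 0x3FF0000 inside the Reader process, which is the range to load if the dump is examined further.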