Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 25/07/2024, 17:50
Behavioral task: behavioral1
Sample: 709ff34ca6c450f2f53ff38dd4963291_JaffaCakes118.pdf
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 709ff34ca6c450f2f53ff38dd4963291_JaffaCakes118.pdf
Resource: win10v2004-20240709-en
General
Target: 709ff34ca6c450f2f53ff38dd4963291_JaffaCakes118.pdf
Size: 78KB
MD5: 709ff34ca6c450f2f53ff38dd4963291
SHA1: 6fd6badfd900f31264332864c040d0e7fd6b9f8b
SHA256: aa1db537988de21b16d165cf8ad7a926c800c2114644ecaffacea684fa9bdae9
SHA512: 9e0d30c69b53f2040d9d664144561493192f899ffd92eb852e3dc8dba76d82e2759f4226a6ec56798eca1a26094a12945095ee608e02b84aac15757977503bcc
SSDEEP: 1536:/PK8HKHCPQk1mpbm409zTFneS8Mv4kYfhVgUrtD5xruOkDEQbdBs1F:3gmFqA9z5n/5wHfMUh5xZkD7K
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; process: AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid: 2092; process: AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid: 2092; process: AcroRd32.exe
pid: 2092; process: AcroRd32.exe
pid: 2092; process: AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\709ff34ca6c450f2f53ff38dd4963291_JaffaCakes118.pdf"
PID: 2092
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: 2e8a6a724aecc6e4ccf2226df3f4ab11
SHA1: e53e6515ae6e920f6fbc1114a99628cb7e578036
SHA256: b11631ba53b049d5a31a3ac6bcd10e746c4ad6db1b05b133c1951b58cadfda58
SHA512: 1578bcc78d956c76250375fdcde4673932c4ebc2db4a3fa317ac794d14abaf4c9fa566e1d6fce7606799c153d9beacc3349b6691212b07d9f894bbab397f5dc3