Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 10/08/2024, 23:55
Behavioral task: behavioral1
Sample: 882df9c239136d5a1130b3fd8ea17d38_JaffaCakes118.pdf
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 882df9c239136d5a1130b3fd8ea17d38_JaffaCakes118.pdf
Resource: win10v2004-20240802-en
General
Target: 882df9c239136d5a1130b3fd8ea17d38_JaffaCakes118.pdf
Size: 132KB
MD5: 882df9c239136d5a1130b3fd8ea17d38
SHA1: 08f9045255a951fa9ad8604fb74058375034bf67
SHA256: 381c555a4a365aefc7d15e4f3d6d43f6cff8b92beac59c6a62b088b4ac7e6f59
SHA512: d03e455281e8406612bb7e9c4a0d2c88b173ed84fbc45c1e9c60b155aa80be84a8b76abe2d3f0df2d2ccb2f8e1274dd63d61f2cf38480d5dd2c12139c4b9b98f
SSDEEP: 384:bONbedw+lJ5dnY7lWKq3TrxCE6t3SU0M3:3+E6tR
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid: 2704, Process: AcroRd32.exe
  pid: 2704, Process: AcroRd32.exe
  pid: 2704, Process: AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\882df9c239136d5a1130b3fd8ea17d38_JaffaCakes118.pdf"
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID: 2704