Analysis
max time kernel: 23s
max time network: 32s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted: 11/08/2024, 20:25
Behavioral task: behavioral1
Sample: 8bd7095719bae1d3444a72c1b28bbe05_JaffaCakes118.pdf
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 8bd7095719bae1d3444a72c1b28bbe05_JaffaCakes118.pdf
Resource: win10v2004-20240802-en
General
Target: 8bd7095719bae1d3444a72c1b28bbe05_JaffaCakes118.pdf
Size: 23KB
MD5: 8bd7095719bae1d3444a72c1b28bbe05
SHA1: 189bc823e9f0230a8f727e3dc85ec0c4871a2b5d
SHA256: 4a05d9043d7d571b1b11503ef255606d7c7b695e3e71c3e8e944a37e81e616b8
SHA512: 756b1838943517a713af334f179eca2bc13a4e9c9c79ca9cb8e774f07db9a2ba3dc4fcd581a55a30e3b4561733b646d529fc0fa24671455a6aaf0e866e4723d4
SSDEEP: 192:WysNAbl3FyOyuYyVV6X/KjT2fToW0CA49NP4X+:WysNi3FyOyuYyVeKOEb49NP4X+
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; Process: AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid: 1748; Process: AcroRd32.exe
pid: 1748; Process: AcroRd32.exe
pid: 1748; Process: AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8bd7095719bae1d3444a72c1b28bbe05_JaffaCakes118.pdf"
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID: 1748