Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 13/08/2024, 15:52
Behavioral task: behavioral1
Sample: 93bfb49dca4e3d98f8946fec8b4b0a97_JaffaCakes118.pdf
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 93bfb49dca4e3d98f8946fec8b4b0a97_JaffaCakes118.pdf
Resource: win10v2004-20240802-en
General
Target: 93bfb49dca4e3d98f8946fec8b4b0a97_JaffaCakes118.pdf
Size: 90KB
MD5: 93bfb49dca4e3d98f8946fec8b4b0a97
SHA1: d51935918a29e7d2872aeadb0d96172ad960b003
SHA256: 369f708e04bf25b6718c6bfb115b1038de592e46b72c3f2a852f624f77c9dc90
SHA512: eaa2d9a2de21d58bdf6108b85ce302ad92731a78b859fc54e16fd20bfc0aac7d2cc0ec45d934062fec57b3aba7c43420934fade16ae2684f03fc788aa201a495
SSDEEP: 1536:pN/1+IdIQedOk8K8WczlAuUMx78wqG1mF647teg8lDlL3zkJrbtWxTK/z6d5DX/m://11dBVk/P0vTx78wB+y5LcbKezWpPCP
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened | ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | process: AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid: 2892 | process: AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid: 2892 | process: AcroRd32.exe
pid: 2892 | process: AcroRd32.exe
pid: 2892 | process: AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\93bfb49dca4e3d98f8946fec8b4b0a97_JaffaCakes118.pdf"
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 2892
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: c103c994b0a422905975177ba8184274
SHA1: d8f0841b2f246dbd7381ce28a589485a67551b9a
SHA256: 6a111382879435c0f7a84be58c52fdf2b8e23f2bce6c8963bbf017ea68da09b4
SHA512: c8adafe975f1c9246d245499221ab29fafce4532eabddc9130a2ea5a21bab919649cf27e704566415b45815795f20d4fd7e33118e016396c974c103f52825cdf