Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/08/2024, 03:19

General

  • Target

    a10272e88847dddf29bf822f45f371b7_JaffaCakes118.pdf

  • Size

    79KB

  • MD5

    a10272e88847dddf29bf822f45f371b7

  • SHA1

    16fc00254a378458438de02c9c3ff1f8bb1f9d25

  • SHA256

    f2a926b0d67ebe2303f1814e536296c41c26478dddf60b090534e00231f8b3d8

  • SHA512

    8ce7b016d36637faf4399fe1cb4537c455a963b4a502cc40123cdbad5999d470e0863b7c96f2fe94a436f2e5ed7aaeda293cb6e576d93a9c18393a4ed82da891

  • SSDEEP

    1536:2uxd/nVPWFTz8KII9ivcLkRJpias8uYXPLQ3xQCdYmeWDDOnpxzf:JFVPG8KnkR/iUuYXPL+xzDVDOnph

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a10272e88847dddf29bf822f45f371b7_JaffaCakes118.pdf"
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2680

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    51e3dbcffba8f0f84e01461ad6d49d98

    SHA1

    27b5878a4c0adf859fb3eb5b56f61164f4f90b38

    SHA256

    67c7ba78982924379c5df9c4903647de2ac0ff017b426e3f1560b3de7d14d400

    SHA512

    5b25ef7f58484d4aa88ce374ba2829763426862651caf67be2047b352287341790f08d7961e7cc63e552ae94389d3c77f0b556accb879f6f1ef87485dd2c3841