Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
17/08/2024, 03:19
Behavioral task
behavioral1
Sample
a10272e88847dddf29bf822f45f371b7_JaffaCakes118.pdf
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
a10272e88847dddf29bf822f45f371b7_JaffaCakes118.pdf
Resource
win10v2004-20240802-en
General
-
Target
a10272e88847dddf29bf822f45f371b7_JaffaCakes118.pdf
-
Size
79KB
-
MD5
a10272e88847dddf29bf822f45f371b7
-
SHA1
16fc00254a378458438de02c9c3ff1f8bb1f9d25
-
SHA256
f2a926b0d67ebe2303f1814e536296c41c26478dddf60b090534e00231f8b3d8
-
SHA512
8ce7b016d36637faf4399fe1cb4537c455a963b4a502cc40123cdbad5999d470e0863b7c96f2fe94a436f2e5ed7aaeda293cb6e576d93a9c18393a4ed82da891
-
SSDEEP
1536:2uxd/nVPWFTz8KII9ivcLkRJpias8uYXPLQ3xQCdYmeWDDOnpxzf:JFVPG8KnkR/iUuYXPL+xzDVDOnph
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2680 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2680 AcroRd32.exe 2680 AcroRd32.exe 2680 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a10272e88847dddf29bf822f45f371b7_JaffaCakes118.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2680
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD551e3dbcffba8f0f84e01461ad6d49d98
SHA127b5878a4c0adf859fb3eb5b56f61164f4f90b38
SHA25667c7ba78982924379c5df9c4903647de2ac0ff017b426e3f1560b3de7d14d400
SHA5125b25ef7f58484d4aa88ce374ba2829763426862651caf67be2047b352287341790f08d7961e7cc63e552ae94389d3c77f0b556accb879f6f1ef87485dd2c3841