Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 17/08/2024, 16:59
Behavioral task: behavioral1
Sample: a35fbcdc1ab46420c4002e6b5121f47c_JaffaCakes118.pdf
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: a35fbcdc1ab46420c4002e6b5121f47c_JaffaCakes118.pdf
Resource: win10v2004-20240802-en
General
Target: a35fbcdc1ab46420c4002e6b5121f47c_JaffaCakes118.pdf
Size: 43KB
MD5: a35fbcdc1ab46420c4002e6b5121f47c
SHA1: 7d92f112843728e55277a2fa563d57a7ecba45b2
SHA256: 1995780fef54d88cb4a5c520c366626e39eb8c128ed1d4d2466351e483f53b23
SHA512: bfbca29d70a542aab67730f08e0e3a09a6e4b3b356a6bc16a2e57b2c8827982eb9274923649fac8969fd17584be5353154185788200ea6c258528935ee5816ec
SSDEEP: 768:9uqDwbTZheFIziCSOo0qijlyK/04OQE+3XrG7XAuDp4qPOj7:9u2GhpBoijlt/04hC7Rp4uOj7
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid: 1832, Process: AcroRd32.exe
Suspicious use of SetWindowsHookEx (4 IoCs)
pid: 1832, Process: AcroRd32.exe
pid: 1832, Process: AcroRd32.exe
pid: 1832, Process: AcroRd32.exe
pid: 1832, Process: AcroRd32.exe
Processes
Path: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a35fbcdc1ab46420c4002e6b5121f47c_JaffaCakes118.pdf"
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 1832
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: 96673a7ec92f15df439d903eb8f8f877
SHA1: b8896b968c1fcf64a693fe116e1f64c3314b637b
SHA256: 0ac5f3e210b190fc0139fc5c472b4ad849c994444872ab30de4282cd39133620
SHA512: cd6af8054edd6ce28f032e511e00bac03dfda1a1186db1346872a6fe4432144d0db08ea87164f9a25ba004cfaab0654e2a39e18df98570225dcb00a95a43d535