Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
20/08/2024, 04:24
Behavioral task
behavioral1
Sample
add904206b2df8db7ce4806e1e0605c1_JaffaCakes118.pdf
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
add904206b2df8db7ce4806e1e0605c1_JaffaCakes118.pdf
Resource
win10v2004-20240802-en
General
-
Target
add904206b2df8db7ce4806e1e0605c1_JaffaCakes118.pdf
-
Size
82KB
-
MD5
add904206b2df8db7ce4806e1e0605c1
-
SHA1
b3384313dfb57ebfb5451fe3532f2c53cfd567e5
-
SHA256
a680aeca09325b033dde49434562e5187016b709c0e9dc5a12d50a0833e096a0
-
SHA512
44dccfbb5b62e1495323d49fa9f714374314f74eab78773e3880fa31f2afaa72a2b6fa242ee73c823cec5e3815575bce337b3a06767bd0642aae87fef441c24a
-
SSDEEP
1536:kAln4Lw55pJE3CSxN6Xl8+QyvKRHXxiXXHHJkvLh7AkyWspORqTYNayGcWoWXB5/:XnAw92uCfyvUgXHHJ8SaRqTY7GvBxpCw
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2104 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2104 AcroRd32.exe 2104 AcroRd32.exe 2104 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\add904206b2df8db7ce4806e1e0605c1_JaffaCakes118.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2104
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD507445d56d95eb18705e8955838347cc9
SHA1f36da79d0c2de18889edcd9d31c987174c518706
SHA256c40c64227cf2b2738562c3532177f0faf69ed413e00174b19530b11d9612a429
SHA51213179a602d773af85ba42940cb78ae3f8ad88f7aaa2150d3042ed8b5dc5e2945db58ce2a250c7c014381bddba9663f9cca0cdd984330a79d11bbdb1a0b6be172