Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 21/08/2024, 20:48
Behavioral task: behavioral1
Sample: b4fd4c4da5b850eb33a1941219b8b642_JaffaCakes118.pdf
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: b4fd4c4da5b850eb33a1941219b8b642_JaffaCakes118.pdf
Resource: win10v2004-20240802-en
General
Target: b4fd4c4da5b850eb33a1941219b8b642_JaffaCakes118.pdf
Size: 3KB
MD5: b4fd4c4da5b850eb33a1941219b8b642
SHA1: 2de0288488a6f911e14ecb75dcfd1783afe876a5
SHA256: ba4e127fa8a7923709656464acbb65fc1fab03b8705a495d110e7fa67a8c4951
SHA512: fbf6595b41c5c01ec5c7a57d81f658c32fa235005595cf8f6ed072dc1d8cb37562e68e22eacc4a304b829ea18cf4953024810dd545a3e9ed2930abf9ff7c4868
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid: 2572, Process: AcroRd32.exe
Suspicious use of SetWindowsHookEx (4 IoCs)
pid: 2572, Process: AcroRd32.exe (4 occurrences, all from the same process)
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\b4fd4c4da5b850eb33a1941219b8b642_JaffaCakes118.pdf"
PID: 2572
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: f038dfc1c4e8ee328d49932966f8eefa
SHA1: dbee4121e802d7b8ad2f5bdd3c550c0af04b1e8c
SHA256: b3cace2112ca055d106637a50e0eba7c54a9a26e7a89faf455681b3b029c2b40
SHA512: b843e939c08901e8f44c5931b1db332071f4ffa1e661b1e10c0e581a5764e5b253af7f18fdf905eee23a86108f50c5d11ed1a6ebc8bcba553c699ef9a41b04a5