Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/08/2024, 20:48

General

  • Target

    b4fd4c4da5b850eb33a1941219b8b642_JaffaCakes118.pdf

  • Size

    3KB

  • MD5

    b4fd4c4da5b850eb33a1941219b8b642

  • SHA1

    2de0288488a6f911e14ecb75dcfd1783afe876a5

  • SHA256

    ba4e127fa8a7923709656464acbb65fc1fab03b8705a495d110e7fa67a8c4951

  • SHA512

    fbf6595b41c5c01ec5c7a57d81f658c32fa235005595cf8f6ed072dc1d8cb37562e68e22eacc4a304b829ea18cf4953024810dd545a3e9ed2930abf9ff7c4868

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\b4fd4c4da5b850eb33a1941219b8b642_JaffaCakes118.pdf"
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2572

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    f038dfc1c4e8ee328d49932966f8eefa

    SHA1

    dbee4121e802d7b8ad2f5bdd3c550c0af04b1e8c

    SHA256

    b3cace2112ca055d106637a50e0eba7c54a9a26e7a89faf455681b3b029c2b40

    SHA512

    b843e939c08901e8f44c5931b1db332071f4ffa1e661b1e10c0e581a5764e5b253af7f18fdf905eee23a86108f50c5d11ed1a6ebc8bcba553c699ef9a41b04a5