Analysis
max time kernel: 120s
max time network: 122s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 22/08/2024, 06:39
Behavioral task: behavioral1
Sample: b6b1b09fd3e216594f9892fdaf4e5a8c_JaffaCakes118.pdf
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: b6b1b09fd3e216594f9892fdaf4e5a8c_JaffaCakes118.pdf
Resource: win10v2004-20240802-en
General
Target: b6b1b09fd3e216594f9892fdaf4e5a8c_JaffaCakes118.pdf
Size: 41KB
MD5: b6b1b09fd3e216594f9892fdaf4e5a8c
SHA1: fb7357985168bf3067a2f2f151c60ed984fa4a50
SHA256: 6b2d685d30df49ab7c705de6f5c6060fc59099341e1671ee606b4f6e89b1e693
SHA512: 7493af0b9a4279a42a1d6ca85afe4e0e0be29a07f615ed60b434caf2731ded167d5e53e9bfce6025f0c47564fd9f37a9e45b47266627f56c3b2dab1358542389
SSDEEP: 768:mGyK8R2Fm0u6DQCaKFR2mJ7zFTAc4TXB0MXbSnGE5u11GRXvE56XuMZmwgCLWarr:mdKu2Fm0u6DQCaKFR2mJ7zFTtkRuY11g
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid: 1688, Process: AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid: 1688, Process: AcroRd32.exe (three IoC rows, all for pid 1688 AcroRd32.exe)
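Added example, not tria.ge's own signature code: a small Python re-implementation of the three signatures above, run over a constructed list of sandbox API events shaped after pid 1688 in this report. The event tuples, the hook-type arguments, and the GetForegroundWindow spam threshold are assumptions; the T1614.001 mapping is the ATT&CK sub-technique behind the report's "System Location Discovery: System Language Discovery" signature.

```python
import re
from collections import Counter

# The NLS\Language key the report flags. Registry paths are case-insensitive,
# so match the tail of the key path case-insensitively.
NLS_LANGUAGE_KEY = re.compile(r"\\Control\\NLS\\Language$", re.IGNORECASE)

# Assumed threshold (tria.ge does not publish its rule): more than this many
# GetForegroundWindow calls from one process is treated as "spam".
FOREGROUND_SPAM_THRESHOLD = 50

SIG_LANGUAGE = "System Location Discovery: System Language Discovery"
SIG_FOREGROUND = "Suspicious behavior: GetForegroundWindowSpam"
SIG_HOOK = "Suspicious use of SetWindowsHookEx"


def detect(events, spam_threshold=FOREGROUND_SPAM_THRESHOLD):
    """events: iterable of (pid, image, api, argument) tuples.

    Returns {signature: {"ttps": [...], "iocs": [(pid, image, detail), ...]}}.
    Each IoC row mirrors the report's 'pid / Process' rows."""
    hits = {
        SIG_LANGUAGE: {"ttps": ["T1614.001"], "iocs": []},
        SIG_FOREGROUND: {"ttps": [], "iocs": []},
        SIG_HOOK: {"ttps": [], "iocs": []},
    }
    foreground_calls = Counter()
    image_of = {}
    for pid, image, api, arg in events:
        image_of[pid] = image
        if api.startswith("RegOpenKeyEx") and NLS_LANGUAGE_KEY.search(arg):
            hits[SIG_LANGUAGE]["iocs"].append((pid, image, f"Key opened {arg}"))
        elif api.startswith("SetWindowsHookEx"):
            # One IoC per hook installation, which is how the report reaches "3 IoCs".
            hits[SIG_HOOK]["iocs"].append((pid, image, f"{api}({arg})"))
        elif api == "GetForegroundWindow":
            foreground_calls[pid] += 1
    # Spam is a per-process count, so it is decided after the whole trace is read.
    for pid, n in foreground_calls.items():
        if n > spam_threshold:
            hits[SIG_FOREGROUND]["iocs"].append((pid, image_of[pid], f"{n} calls"))
    return hits


def summarize(hits):
    """Render the one-line headers the report uses, e.g.
    'Suspicious use of SetWindowsHookEx 3 IoCs', for signatures that fired."""
    lines = []
    for name, h in hits.items():
        if not h["iocs"]:
            continue
        ttp = f"{len(h['ttps'])} TTPs " if h["ttps"] else ""
        lines.append(f"{name} {ttp}{len(h['iocs'])} IoCs")
    return lines


# Constructed sample events (not from the page), shaped after pid 1688 in the
# report. Hook types are illustrative. A second process (pid 2000) with only a
# few GetForegroundWindow calls shows the threshold suppressing a benign process.
SAMPLE_EVENTS = (
    [
        (1688, "AcroRd32.exe", "RegOpenKeyExW",
         r"\REGISTRY\MACHINE\SOFTWARE\Adobe\Acrobat Reader\9.0"),
        (1688, "AcroRd32.exe", "RegOpenKeyExW",
         r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"),
        (1688, "AcroRd32.exe", "SetWindowsHookExW", "WH_MSGFILTER"),
        (1688, "AcroRd32.exe", "SetWindowsHookExW", "WH_GETMESSAGE"),
        (1688, "AcroRd32.exe", "SetWindowsHookExW", "WH_CALLWNDPROC"),
    ]
    + [(1688, "AcroRd32.exe", "GetForegroundWindow", "")] * 120
    + [(2000, "explorer.exe", "GetForegroundWindow", "")] * 5
)

if __name__ == "__main__":
    for line in summarize(detect(SAMPLE_EVENTS)):
        print(line)
```

The language-key check is a single registry open, so it fires on the first matching event, whereas GetForegroundWindowSpam only makes sense as a count over the whole trace; keeping the two shapes separate is what lets the same code reproduce "1 IoC" for the first and "3 IoCs" for the per-call SetWindowsHookEx rule.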
Processes
Image: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\b6b1b09fd3e216594f9892fdaf4e5a8c_JaffaCakes118.pdf"
PID: 1688
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: 98b75ffa34b1dd4baa5288de53e91f60
SHA1: 836b506999e38de74b5350326be72bbf86f6a7b3
SHA256: 120714698c7e9e1fe0267a957b0715384945c8e1d2ea93173c62faa7078faf21
SHA512: a9171ac5b3b22b150f65b3ce0b781ac963f34ec33608d3a36341fb708215678d0bd9cb44ec6c78a87371d7451096cc0db8e0022985e5604051ca8e384fe67e23