Analysis
Max time kernel: 121s
Max time network: 122s
Platform: windows7_x64
Resource: win7-20240903-en
Resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
Submitted: 07/09/2024, 06:21
Behavioral task: behavioral1
Sample: d1456d56f786b7049eb65b489a2c674a_JaffaCakes118.pdf
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: d1456d56f786b7049eb65b489a2c674a_JaffaCakes118.pdf
Resource: win10v2004-20240802-en
General
Target: d1456d56f786b7049eb65b489a2c674a_JaffaCakes118.pdf
Size: 16KB
MD5: d1456d56f786b7049eb65b489a2c674a
SHA1: 623c089df6a935cc52568c4386c5ff223e6033dc
SHA256: b5d3a58ce56fcb691a991d3e93fbeffe98f5ee04e6ee3791f5fd96baaa300a3b
SHA512: 8230c994f0594288ec3a5aac6a51bd8bc43901d8d4a616c57a50b1e50ab738ff408a238975f9d13daa34a4205f01155d752bd4c12f68a85d0fd7148b0998d7b6
SSDEEP: 384:VzDQK5kHMe1z18FcZGcQfcMgc55caPRc/bBtw5dqziSeVkVqoBidyyy8fQl9G:VzDliz18qkDDbPm/bBtkd0/eVkVqkQyE
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Description: Key opened
  IoC: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: AcroRd32.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  PID 2072, Process: AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  PID 2072, Process: AcroRd32.exe (3 occurrences)
Processes
Path: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d1456d56f786b7049eb65b489a2c674a_JaffaCakes118.pdf"
PID: 2072
Signatures:
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: c7474d56ebfeaf64578fc9fd3028584d
SHA1: 3c841e7c57cff74b7b0d1cdd65add48667267fb5
SHA256: 2511016022158b9d3bda1ff6b57174af06b5cae01d6013f844a26bc6770de76b
SHA512: d3e568a86137ce6e92e0ac6b1fc3d25cc1b143f7595384b1c022441502949637170bf81a8b3a21351b10e02a9e235caadf6459cae42d315213c251ecd6c065db