Analysis

max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 09/09/2024, 09:25
Behavioral task: behavioral1
Sample: d608ffa9876cb1f003f70890de4a97b6_JaffaCakes118.pdf
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: d608ffa9876cb1f003f70890de4a97b6_JaffaCakes118.pdf
Resource: win10v2004-20240802-en
General

Target: d608ffa9876cb1f003f70890de4a97b6_JaffaCakes118.pdf
Size: 2KB
MD5: d608ffa9876cb1f003f70890de4a97b6
SHA1: b5b982d4e93116bfde5cc2401440d0d137d17f36
SHA256: 4bfafd8b5269353863dc1f9f5a8c2bfda0a843eb2c37bd3739dabfe262c7ea6d
SHA512: 8fb4678c9e9c8ee06702f7988ed85b9e1de26a399ecdbf14e186fadace61837b2f06120ea6eb223167b311c042200ed32ae54350aa32e77cedf93cda264ab06b
Malware Config
Signatures

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid: 1876  Process: AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
pid: 1876  Process: AcroRd32.exe (listed 4 times)
Processes

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d608ffa9876cb1f003f70890de4a97b6_JaffaCakes118.pdf"
PID: 1876
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 3KB
MD5: 1c8c40352fa635111511bb30d7e5d266
SHA1: f302db0f8c441b4ee77efa6272a60b56f21d28cf
SHA256: 2ada262134b63f5efef741ad2e892bf05b28106c140fd9f3fde421307a57cf8e
SHA512: c0551d22a3d359c7b095a0ecb968a9e68ca32f9917691164e501ae8e7631642edd2e598c698d4b01a3ab193fc38ce8d1e0f4bcf6659f644d8cf2fb514164cb33