Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags
arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted
11/09/2024, 04:03
Behavioral task
behavioral1
Sample
d99371fa857fce8989e89bbc82c0b751_JaffaCakes118.pdf
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d99371fa857fce8989e89bbc82c0b751_JaffaCakes118.pdf
Resource
win10v2004-20240802-en
General
Target
d99371fa857fce8989e89bbc82c0b751_JaffaCakes118.pdf
Size
28KB
MD5
d99371fa857fce8989e89bbc82c0b751
SHA1
0668cb0c4d24ffed99b4190197725e4ddcf4ce36
SHA256
517475864c4b1082950bb4671572079297c05c3395941fd616980802f75826ca
SHA512
04707e3ed220f6fef67138dc211ecc25c734bdcfec3e922a13b366f2dc582c24687f753484bbc651a91043e3f6099e13748cfb5981595782194bfeb80d2065c6
SSDEEP
768:gXuMZmwgCLWar+LA7Fgxfaf41YuQ2TB+hKyrq+Alu:gXFZmGWS+E7Fufa413QgBG4+Alu
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid | Process
2664 | AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid | Process
2664 | AcroRd32.exe
2664 | AcroRd32.exe
2664 | AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d99371fa857fce8989e89bbc82c0b751_JaffaCakes118.pdf"
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 2664
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize
3KB
MD5
8674b266d65c47d37faae520284bee10
SHA1
e9cab5c99a325fa7852fc2c92cd6a6d2c99b8e18
SHA256
5db5b9ab0832f6004ccad980f49f52dcea7fa411b83b1ee5f3057aa07dad3d04
SHA512
2f28890af023e5dcbec6ad25ece1a4e0dd869c9e207627fd6b6208afb493d60a04305771f44d84aa04cc4f4ea773ecde675f55f03a7105f893320de0b8e629a1