Analysis
- max time kernel: 121s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 13/09/2024, 17:40
Behavioral task: behavioral1
- Sample: de95db2a8f32e991d43d1cdde85703f7_JaffaCakes118.pdf
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: de95db2a8f32e991d43d1cdde85703f7_JaffaCakes118.pdf
- Resource: win10v2004-20240802-en
General
- Target: de95db2a8f32e991d43d1cdde85703f7_JaffaCakes118.pdf
- Size: 13KB
- MD5: de95db2a8f32e991d43d1cdde85703f7
- SHA1: 3516e31951451a38aacd93f3d4a2c50cd9ed4abc
- SHA256: d37a9313e6c8a94b067992bdfefda96d889d6f10eafe13698e6cbe8209b55e8e
- SHA512: d27016b8f88d82bd2596f5cd032106f823ccd3b36b3d412ef70a59d196867e7255a6814b47ced3840935456aa3e99883334db79d1814bfe7474a8b529e3ad188
- SSDEEP: 384:DLEMMLEtysywfM4eR24CeR24+VAbn3JwCxGh4i9+N1O8pRPFOF++:Dg/glM4eR24CeR24+uRi9+N1O3
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid | Process
  2380 | AcroRd32.exe
  2380 | AcroRd32.exe
  2380 | AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\de95db2a8f32e991d43d1cdde85703f7_JaffaCakes118.pdf"
  PID: 2380
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx