Analysis
max time kernel: 119s
max time network: 121s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 15/09/2024, 07:59
Behavioral task: behavioral1
Sample: e207ab311ed084d61a1563b78f77ed66_JaffaCakes118.pdf
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: e207ab311ed084d61a1563b78f77ed66_JaffaCakes118.pdf
Resource: win10v2004-20240802-en
General
Target: e207ab311ed084d61a1563b78f77ed66_JaffaCakes118.pdf
Size: 91KB
MD5: e207ab311ed084d61a1563b78f77ed66
SHA1: c0e5f10055bba270999e17488e79dd28ca27d168
SHA256: f4f49e2189e2ce1ccab3b7a9da28d680dbbe6daabed8b5545148422dcf335b4a
SHA512: bda86dd5c9353ac834e4c7459a1fdbfdcf33e18a55f3419138862108b3156a5ebf25e11d36854f829a090b1f85f0a7813c201919693aa5a8089425f8df062bf0
SSDEEP: 1536:7xZGeLYi2HMKPE83n09zICMA2s3N+5FUsWouneWB6cefypGWcpOTeKe:bGeci2TdX09INA2j5FUXebSplT0
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened | ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | process: AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid: 2748 | process: AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid: 2748 | process: AcroRd32.exe
pid: 2748 | process: AcroRd32.exe
pid: 2748 | process: AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\e207ab311ed084d61a1563b78f77ed66_JaffaCakes118.pdf"
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 2748
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: 91d8e96f3533a35239816181f798ebe5
SHA1: 89581e3bb6349b14ba2ed4bd15acd2963caec357
SHA256: 04b6e6d828a92d97fed3dee02136d78075599cf69057522613aef8cb132516c0
SHA512: 2c5ae194a620f03c191c1df922f58d2c0fe4dc11fb28cd7c523949f627952c846865e09c715347450e3cae647e19576f1e1b9001cbd4a327f5e14ac57f48b468