Analysis
max time kernel: 120s
max time network: 125s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 19/09/2024, 06:46
Behavioral task: behavioral1
Sample: eac958d7811817370497f12888379e05_JaffaCakes118.pdf
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: eac958d7811817370497f12888379e05_JaffaCakes118.pdf
Resource: win10v2004-20240802-en
General
Target: eac958d7811817370497f12888379e05_JaffaCakes118.pdf
Size: 42KB
MD5: eac958d7811817370497f12888379e05
SHA1: cbc97e63abf891a4f70407d57ded9fa8374738c6
SHA256: cd66ef35505614e85427fe555e204ddbf8016fa99bf2621f6bda3f3df32600fe
SHA512: 2fe16e57d90ff761a373f20cd4398daf27d944d7ec5664ceaf0f4cc31c88067abb56716d3608f01b808feb123c165956d4ec2d826dc307686d3c354915b9dd8d
SSDEEP: 768:GXuMZmwgCLWardE5Hpxu1Jz9JRST9Znh+La5yS1ctdqQ02ws0+lR5uTINHesbEbW:GXFZmGWS+ju1Jz9JRST9Znh+La5yS1c3
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; process: AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid: 1348; process: AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid: 1348; process: AcroRd32.exe
pid: 1348; process: AcroRd32.exe
pid: 1348; process: AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\eac958d7811817370497f12888379e05_JaffaCakes118.pdf"
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 1348
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: 548bded6820a6f7f8eff3a5d8b2277aa
SHA1: 5311f1970cc8b84f6baaab1aa6a45a6e1747965c
SHA256: a5731668090683b46038089cf4a441c8c304ee58f94d0c0124fb1f1887c2e1c4
SHA512: bd25337b80c8cb86f2501f6ffd237d27087e1667ac8b3acc966a04cdd2516195511b2ca1cf920925d9a9ca1abc88069ae198697594b60fa30dc58401af0610d9