Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system -
submitted
21/09/2024, 22:43
Behavioral task
behavioral1
Sample
f0c243a3939a1de03ca7f1534b5c77f5_JaffaCakes118.pdf
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
f0c243a3939a1de03ca7f1534b5c77f5_JaffaCakes118.pdf
Resource
win10v2004-20240802-en
General
-
Target
f0c243a3939a1de03ca7f1534b5c77f5_JaffaCakes118.pdf
-
Size
41KB
-
MD5
f0c243a3939a1de03ca7f1534b5c77f5
-
SHA1
ee9f20b3c16a5d376e442cf26676d9c0bece65ac
-
SHA256
95636ddff1bc4457ec8d1357be149448ac8d2fcdbe2a8711dae9018e90a4a7d7
-
SHA512
8ddca5a680ee66bd360418d122da47ebf6bb94ccd4b2588caad2abc2d844a61ccfc40a97504b1aa966a71d7045c53a3d068f19c82f82fbf9069ada331e8a8327
-
SSDEEP
768:BXuMZmwgCLWar4m7/2qvFyPxJFYHRnb4MvDy4JftKPNJS8SCheu:BXFZmGWS4k/2qvFyvERbVPteNwRueu
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | AcroRd32.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
2368 | AcroRd32.exe
-
Suspicious use of SetWindowsHookEx 3 IoCs
pid | Process
2368 | AcroRd32.exe
2368 | AcroRd32.exe
2368 | AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f0c243a3939a1de03ca7f1534b5c77f5_JaffaCakes118.pdf"
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2368
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
3KB
MD5
edf0b88af267edc418fca80ffb687a1f
SHA1
f1dd7cffee4d23ebd9456be70226dec26c8f1534
SHA256
cb06f548399e5446febfa615ab77775f9a06b708c46f4c7bfd41fd6708c03ebd
SHA512
a7210e1606ddc223fb889aaacd6c08f52a989c2565478d31e731971de23e19635ba16a3e6041f9c04d5a824c95eb81ad0e595ccf0b0bd2c34f5e5d4f0547677b