Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 122s
max time network: 127s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 21/09/2024, 11:52
Behavioral task
behavioral1
Sample
efbbc003662bfd561fcc8e03304e4f6a_JaffaCakes118.pdf
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
efbbc003662bfd561fcc8e03304e4f6a_JaffaCakes118.pdf
Resource
win10v2004-20240802-en
General
Target: efbbc003662bfd561fcc8e03304e4f6a_JaffaCakes118.pdf
Size: 86KB
MD5: efbbc003662bfd561fcc8e03304e4f6a
SHA1: 22f6e3d39523121bfa3c60295f6e5a86d8828d21
SHA256: 6def87fa729c815bcd60a413d64555c7a9b3443e7a5aa40d33e5b396cc6a685c
SHA512: d697059d15e3ccfe6ff8888e34d4cdd196d77e5c97783a5145c96f735971c0334cb6dd27fb7efc529a2626d411e3d5937e98bfee3382af95ebba67c198d61825
SSDEEP: 1536:m03TzZnnwFW8Bw90NoLQjnaDOXR8UgWJ+PIGVm3W8pO7O/T:fTzpwFWAw90NoEjnnmURYmK7i
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid: 2084  Process: AcroRd32.exe

Suspicious use of SetWindowsHookEx (3 IoCs)
pid: 2084  Process: AcroRd32.exe
pid: 2084  Process: AcroRd32.exe
pid: 2084  Process: AcroRd32.exe
Processes
Process 1: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\efbbc003662bfd561fcc8e03304e4f6a_JaffaCakes118.pdf"
PID: 2084
Signatures:
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: 992b10a5277048307de4ffa9aa1f0d77
SHA1: 28319ccf58a8e8d59ecbda26747aac640a6dc3ad
SHA256: ab9f9798cfe56c8e6d01a94030645528f28784eb6fcc6dfec2f403597cb2458e
SHA512: 5431e3d8739d77f0706c8cdedbe02f056f8204b29a04f03bb4b0f9b0184eb103fbfa3c0aecdeb598a11914709d7a864db397ed93515e9438d2cea16b8e800c77