Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system
submitted: 01/10/2024, 04:00
Behavioral task: behavioral1
Sample: 044ace8fe9e49e2cbd76700a64a4e084_JaffaCakes118.pdf
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 044ace8fe9e49e2cbd76700a64a4e084_JaffaCakes118.pdf
Resource: win10v2004-20240802-en
General
Target: 044ace8fe9e49e2cbd76700a64a4e084_JaffaCakes118.pdf
Size: 84KB
MD5: 044ace8fe9e49e2cbd76700a64a4e084
SHA1: d5b9418f51f25c7bb826e6dda29b738da952ae58
SHA256: 0c15c2a49f6f1b51683cd08f4e4fa5d16c983a97ff68d79fb1049d0749a1ab61
SHA512: 6a210c68dad4838abc3d667d1032baadf5f399eb47648446ac911c42a5d2a6ce9b9554863730452b956eb995fdac5d9a3e8ec182b8b34edb3a69794701cca7af
SSDEEP: 1536:8rcuRwgBCXmf8ATmAFErLHONnNPULgtdJJ7JzKET8C9v7WHUUUbMAuJ2ZxWUpO7K:iJCXm3iAFiLHONnCLgtdJaET7vQUUjwZ
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; Process: AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid: 1952; Process: AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid: 1952; Process: AcroRd32.exe
pid: 1952; Process: AcroRd32.exe
pid: 1952; Process: AcroRd32.exe
Processes
Image: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\044ace8fe9e49e2cbd76700a64a4e084_JaffaCakes118.pdf"
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 1952
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: 1ea87815a5241c3d3611f1000eae53e7
SHA1: 264ff58b0051ca4ef02a99cd262f0d6f76508623
SHA256: 9022b195aca104cde22ac9739f3a6c18202463905a376d50964cb9a74a6a7946
SHA512: dd0eef867c997e1f6e313a2648ec495872aa50292f584bca405f932837476c15f0ea66a9ca2ca1fe20d8c24d0df5d62b21badff4b6896aa28cdf0fb20f83b680