Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
02/10/2024, 15:39
Behavioral task
behavioral1
Sample
0b64d686554702cda07fed3c83291bbe_JaffaCakes118.pdf
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0b64d686554702cda07fed3c83291bbe_JaffaCakes118.pdf
Resource
win10v2004-20240802-en
General
-
Target
0b64d686554702cda07fed3c83291bbe_JaffaCakes118.pdf
-
Size
99KB
-
MD5
0b64d686554702cda07fed3c83291bbe
-
SHA1
7be0aed85392c93ddbd317f212994e30b63bac40
-
SHA256
fc548f18f03f228c5f285023526cce6072f1ae94a5d783f69ace8651d7e53c50
-
SHA512
5da48708f3315c9d6162d52474ee5347f1bdc2ae62e9eb230df44a466f9504d263095ffeabad97efc94792813789cc8355b424730fffe996ff17f0e730d16fab
-
SSDEEP
1536:n3a5uIS93i5xQmSfwHE2zX9JpISIhvytCDXiJwtiIxfxjZGe/hDpNuhMAnGkLSRq:3rlGiiX2caX68xfx1fWOAnJsbgj5p
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2700 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2700 AcroRd32.exe 2700 AcroRd32.exe 2700 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\0b64d686554702cda07fed3c83291bbe_JaffaCakes118.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2700
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD58344ed5b7eb957e7b614a79a183a472f
SHA12d077c8fb59252663f8a5ae12791352f83cda94a
SHA256ac4661452a9d281302491d606618377edb2da98c4ba5a071990f88712a5e06ae
SHA5124c77fafda4e89183883945128d3834d691f84cec615535c57ff4db4c7d78dad78cbd9c789ec2f25666ede33751b916aa79c9791dda0ac3737bf5ba240ae896f6