Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 03/10/2024, 08:59
Behavioral task behavioral1
Sample: 0ede4694ca30c6a2080b86b8708300fb_JaffaCakes118.pdf
Resource: win7-20240903-en
Behavioral task behavioral2
Sample: 0ede4694ca30c6a2080b86b8708300fb_JaffaCakes118.pdf
Resource: win10v2004-20240802-en
General
Target: 0ede4694ca30c6a2080b86b8708300fb_JaffaCakes118.pdf
Size: 75KB
MD5: 0ede4694ca30c6a2080b86b8708300fb
SHA1: 6e33f0dd15895504104a4f55baf001d43baf4f29
SHA256: 776458850d7c63c1b4efc15f99ada1cae5c8c5cdeebd07b1bc0e655bcfde5654
SHA512: 040d75df55e13630a0155dbdd7b2c241cbbfde96ff892d7096786a861b4830700368ede7bc140e65856f9444b295f9ffefd4d0b7ee5d2e0e71d90aeb82c04ca7
SSDEEP: 1536:rqUXFPHWbH5zAhrHQUJLBxssGriTHoPAPzPX5NcMLAh0x0kjSDG11U/:mzdaDQUrOsmiTHoY12T2xSG8/
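Before acting on a sandbox verdict, confirm that the file you hold is the one that was analysed. The script below is an added example and is not part of the tria.ge report: it embeds the digests listed in the General section above, streams a local file through MD5, SHA1, SHA256 and SHA512 in a single pass, and lists every digest that differs. The sample path on the command line is an assumption; SSDEEP is not checked because it needs a third-party library.

```python
"""Check that a local file matches the digests a Triage report lists.

Added example, not code from the tria.ge report. The expected digests are
copied from the report's General section; the default file path is an
assumption for illustration.
"""
import hashlib
import io
import sys
from pathlib import Path

# Digests of 0ede4694ca30c6a2080b86b8708300fb_JaffaCakes118.pdf (75KB) as
# listed in the report. Replace these when checking a different sample.
REPORT_DIGESTS = {
    "md5": "0ede4694ca30c6a2080b86b8708300fb",
    "sha1": "6e33f0dd15895504104a4f55baf001d43baf4f29",
    "sha256": "776458850d7c63c1b4efc15f99ada1cae5c8c5cdeebd07b1bc0e655bcfde5654",
    "sha512": (
        "040d75df55e13630a0155dbdd7b2c241cbbfde96ff892d7096786a861b483070"
        "0368ede7bc140e65856f9444b295f9ffefd4d0b7ee5d2e0e71d90aeb82c04ca7"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(fileobj, chunk_size=1 << 16):
    """Hash a binary file object with all four algorithms in one pass.

    Reading in chunks keeps memory flat for large samples and guarantees
    that every algorithm sees exactly the same bytes.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Convenience wrapper: digests of an in-memory byte string."""
    return digest_stream(io.BytesIO(data))


def compare_digests(actual, expected):
    """Return the sorted names of algorithms whose digest differs.

    Comparison is case-insensitive because reports and tools disagree on
    hex case. Algorithms absent from `expected` are skipped, not failed.
    """
    return sorted(
        name for name, value in expected.items()
        if name in actual and actual[name].lower() != value.lower()
    )


def verify_bytes(data, expected=REPORT_DIGESTS):
    """Return (actual_digests, mismatches) for an in-memory sample."""
    actual = digest_bytes(data)
    return actual, compare_digests(actual, expected)


def verify_file(path, expected=REPORT_DIGESTS):
    """Return (actual_digests, mismatches) for the file at `path`."""
    with Path(path).open("rb") as f:
        actual = digest_stream(f)
    return actual, compare_digests(actual, expected)


if __name__ == "__main__":
    # Assumed default path; pass the real sample location as argv[1].
    sample = sys.argv[1] if len(sys.argv) > 1 else \
        "0ede4694ca30c6a2080b86b8708300fb_JaffaCakes118.pdf"
    actual, bad = verify_file(sample)
    for name in ALGORITHMS:
        print(f"{name:6} {actual[name]}")
    if bad:
        print("MISMATCH:", ", ".join(bad), "- this is not the analysed sample")
        sys.exit(1)
    print("OK: file matches the report's digests")
```

A mismatch on any one algorithm means the file is not the analysed sample (a collision across all four is not a realistic concern), so the verdict and the IoCs below should not be applied to it. The same functions accept the Downloads digests further down the page if you want to verify a retrieved network artifact.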
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host (MITRE ATT&CK T1614.001). A document viewer reads this key during normal locale initialisation, so for AcroRd32.exe this is a low-signal observation on its own.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid 2432, Process AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid 2432, Process AcroRd32.exe (three occurrences from the same process)
Both of the latter signatures describe API usage that is common in legitimate GUI applications; they are not evidence of exploitation by themselves.
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\0ede4694ca30c6a2080b86b8708300fb_JaffaCakes118.pdf"
PID: 2432
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: 80cde0a01ea8dce76cd93fa3ab4f2a00
SHA1: 033c1f1868d95626a2aef7ee14893f8e4dd71f10
SHA256: 3dc3acda3c8133ee274cc2b8f89d9842ae5be476e0c0387c796162b2ea70c546
SHA512: bda0417c91823edc453801f9a75ca6312442d80b987ca84963af0acee5ea3ca1413ccd08cd62aa2758003047cf0d0d35190bc734b825c7f3832dbf52331e732d