Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
04/10/2024, 14:27
Behavioral task
behavioral1
Sample
13bae8691787b801e02f742ccad18f3b_JaffaCakes118.pdf
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
13bae8691787b801e02f742ccad18f3b_JaffaCakes118.pdf
Resource
win10v2004-20240802-en
General
-
Target
13bae8691787b801e02f742ccad18f3b_JaffaCakes118.pdf
-
Size
80KB
-
MD5
13bae8691787b801e02f742ccad18f3b
-
SHA1
0859e5ddbe90851e7173a9832be764a3ef8ee94b
-
SHA256
bed7f18f06bcaf00edd4d606aff0fbc8b0b4be36ba7f716e3a7b1fe93700f1a1
-
SHA512
c665a2ae1a780974c7ad386b0481aa5baa0755fe47dcacc01ec02371eafd07497fd8c84c7f9f3f364a6b23e7293f64da56c1bdf480411f54b895e6226ac2fe83
-
SSDEEP
1536:KFRgP/6iipMjMpq8Dpit8c/u1XvQj1arZ8566WveBr:GRY6ii+jMo8Dwt8cmRYsrZ8566Wva
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1812 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 1812 AcroRd32.exe 1812 AcroRd32.exe 1812 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\13bae8691787b801e02f742ccad18f3b_JaffaCakes118.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1812
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5955b499d3152d885ed2896f597b94629
SHA10a47691e87c3d455935d406673a646f4cf69c9d9
SHA25638451d7ef01e84849d2975611c94f61222340dbd09683c34360778bc95304c8f
SHA51297f44496cdf3e5963a6acc807aef280eba9ff157d9492e30b43405e50be385baea88e6a309c1e218ad7e34f4275e5f7850bf321811c39394091d9a7bd68cfc79