Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 05/10/2024, 03:07
Behavioral task: behavioral1
Sample: 15ebe4ce3a20334fa4daec28068fd876_JaffaCakes118.pdf
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 15ebe4ce3a20334fa4daec28068fd876_JaffaCakes118.pdf
Resource: win10v2004-20240802-en
General
Target: 15ebe4ce3a20334fa4daec28068fd876_JaffaCakes118.pdf
Size: 81KB
MD5: 15ebe4ce3a20334fa4daec28068fd876
SHA1: f098b071270d9c353faab2b0054b2d08381ee03f
SHA256: e3bcad3c6107511759adc3c310d18ad8f9fed8e55263e4b689ffa3731dd56430
SHA512: 937a2cc2c9f94e0152d14c21af43bd160197f56746512f5659bfd6cd304457a0d24da1b075364ff8af141f73c0e6423eb558fdd960736e871a80f142372aa755
SSDEEP: 1536:FECykNbsoDjaNPrvV6tZniQ6uxt/LQdsshU7iI9L+7X7WkNpOPhsJoitWEn7CgBZ:i2NYoDizC19lfsdb0iI9L+zMPhni7n+g
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
ioc: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: AcroRd32.exe)
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid 2160, process AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid 2160, process AcroRd32.exe (3 occurrences)
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\15ebe4ce3a20334fa4daec28068fd876_JaffaCakes118.pdf"
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 2160
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: 64c149b973b898a802b5d6c8eb529e64
SHA1: 474cb3b05fac821a3a3de3dc422be7131e45a44e
SHA256: 374ba547dbe2d35c247cfffdc6cc0086a8a99f453cd34e6189303b39ffa6ad5b
SHA512: ea7781a760665d35678269adcf49654c3b807179c120b28b7fc346d8b53174432d04d35a5846f999c633828904048202efe46e2d385fdc44ae1bc4aee654cea9