Analysis
- max time kernel: 122s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 05/10/2024, 08:46
Behavioral task: behavioral1
- Sample: 16fd278dab80ef7e335c9941d6cf7fa3_JaffaCakes118.pdf
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 16fd278dab80ef7e335c9941d6cf7fa3_JaffaCakes118.pdf
- Resource: win10v2004-20240802-en
General
- Target: 16fd278dab80ef7e335c9941d6cf7fa3_JaffaCakes118.pdf
- Size: 33KB
- MD5: 16fd278dab80ef7e335c9941d6cf7fa3
- SHA1: d9f1049e54a81831e915fb324c157642e245cd71
- SHA256: 3d6b62cbdf8a0c2b33a799406e18d4841724ebc5f37ad5876a7d95045e28a2a8
- SHA512: b25ac37386a583f01393f664cf7177b69e0f06a7fa36f5a966dd829dd248ce06bb026b7d53e67620fd90c7eba80b41db4576e73ea435237a324d2b28173094e3
- SSDEEP: 768:ogGzpD4uY6mJMhccElm74Cq62FrmixJMlEymLOC/lhet1Gt+4:lGFMuo/FaiUEymLOsn6Gt+4
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened | ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Process: AcroRd32.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid: 320 | Process: AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid: 320 | Process: AcroRd32.exe (3 occurrences)
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\16fd278dab80ef7e335c9941d6cf7fa3_JaffaCakes118.pdf"
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID: 320
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 3KB
- MD5: 3ed5488f24a1da4b819f3facd83d1c01
- SHA1: 2ce3776b3691c504f57c83a04629b25c4e2dee3e
- SHA256: 188e6e3cf2dc39fd7791648077fa9332a11eeb29bcd78610216099e4479695d8
- SHA512: b52551c73ddc2f0c325f09387ba0eb14a8de22559dda89a1c2cbfcac74cdd31b4df944195ab114eef353b88ccb8bda90d42f3106c7fe95b70584317e2248f022