Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 08/10/2024, 23:35
Behavioral task: behavioral1
Sample: 271ea75c1cd679529e825024aa9484cb_JaffaCakes118.pdf
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 271ea75c1cd679529e825024aa9484cb_JaffaCakes118.pdf
Resource: win10v2004-20241007-en
General
Target: 271ea75c1cd679529e825024aa9484cb_JaffaCakes118.pdf
Size: 75KB
MD5: 271ea75c1cd679529e825024aa9484cb
SHA1: 0b8480d553ae62ed82d948a8d28890c391097006
SHA256: c8c4a889d3d1bdc8dd08b45dd5612401b0e4c4c58233e7f065ebc61a9a6c326c
SHA512: 0b8f5621b928a358be102c0971a7de60cb52a3230df3f344d61a866fe7d94f3feba7921d7d206fc77e1783cb35f4f53f3c31e782a9d5b8c4fd2480dccad9d2db
SSDEEP: 1536:QJe8Mp/H++56evxXldui2y4X3wEZb6PUWiuZMZWbpONiW0japA6COFT45XUc:a5MpH++UeLdwH+auZMbN1hFT4F
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid: 2824, Process: AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid: 2824, Process: AcroRd32.exe
pid: 2824, Process: AcroRd32.exe
pid: 2824, Process: AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\271ea75c1cd679529e825024aa9484cb_JaffaCakes118.pdf"
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 2824
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: f8b94b9e3e6ca976cc6967fd90108977
SHA1: 68693035b820cff614954925ffe3a4c85870d041
SHA256: c1fdf715a714b5988417ff1bc84f72b92dfadfb369b8116582366f4bf24fbb2f
SHA512: 5181d7a1f940639f983463ca95936228f29fa13ccf71203c7123770e561590a6bd799291fbb67d0baef96acd8ce4e88c99e2435fe06be11a1e13bbd24f837cee