Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
11/10/2024, 22:04
Behavioral task
behavioral1
Sample
37059b5372d5a7826ad6c6092b25a228_JaffaCakes118.pdf
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
37059b5372d5a7826ad6c6092b25a228_JaffaCakes118.pdf
Resource
win10v2004-20241007-en
General
-
Target
37059b5372d5a7826ad6c6092b25a228_JaffaCakes118.pdf
-
Size
122KB
-
MD5
37059b5372d5a7826ad6c6092b25a228
-
SHA1
db95ed8d9450c8ea9f856dafc0d22b7e61d2e6bb
-
SHA256
f967f521ab6806ba5841519d328aa98bad98fb673482d09b46b6b4762c1ec457
-
SHA512
da83274fcb4a3f77c837d0227740872bb7bd1a72df82365f00d404c74dbcb8db5866037848b91b12fc7ba96a2fd7744ca7b08e7e334ab074901d83c158056840
-
SSDEEP
3072:CZ5ZAImsZBTm6W/b7CJu9xAITPAyLlLRL0eRx:uvAIBqbiJu9xbAyLtH
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2204 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2204 AcroRd32.exe 2204 AcroRd32.exe 2204 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\37059b5372d5a7826ad6c6092b25a228_JaffaCakes118.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2204
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD57652353285e82683f32b4f8040316889
SHA10cf562f8c8ca9e23daedca5db6410008211287d0
SHA256ff23da7387338c765503eeff983ac2fc5f8270f82b2954bbc3dc586287b50550
SHA51262bf4079b2decf65a5f8ca9172a2b2c200ee7add1342d28f4ac12f02cc382d423df793716c23ce3dbcf70a7ac8f95949829d26dcc8c1b0ee60a1b623565dc475