Analysis
max time kernel: 119s
max time network: 127s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 12/10/2024, 10:11
Behavioral task: behavioral1
Sample: 397621a53d346909e30c6d8803304974_JaffaCakes118.pdf
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 397621a53d346909e30c6d8803304974_JaffaCakes118.pdf
Resource: win10v2004-20241007-en
General
Target: 397621a53d346909e30c6d8803304974_JaffaCakes118.pdf
Size: 86KB
MD5: 397621a53d346909e30c6d8803304974
SHA1: b3d7cb3aa0f2794eeeea0d929d1182cb4aedd235
SHA256: 838048ac8213fb5079f4639724862664c0d3c8856ed71b5df9d917bf3b0ee908
SHA512: 9482ceb572ad441a8a1151e485db653476a400f36f054a61212b7056327a6751a96351b077170fdc84f413d3864489225c2c2070e020875d8883f89e329b4be7
SSDEEP: 1536:AAJpl1S6BklXJePzESjipV0TQYwKuQj/ZJnW7lNa+G+TR1THuWQXHLDWcpOmYnhV:XS6Bkh4PzESjWqk7KuQjbsa+RR1THqXe
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid | Process
2912 | AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid | Process
2912 | AcroRd32.exe
2912 | AcroRd32.exe
2912 | AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\397621a53d346909e30c6d8803304974_JaffaCakes118.pdf"
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 2912
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: 622202d7ac6f250d98a24d219acb2bee
SHA1: 9ad7a14c5c0978acd18c2cfe84e37b7ee7c756c5
SHA256: ec1cb14e4eaef8a5743dd24942ad936a10d82899f8d49f1065ff1cb5e3813dfb
SHA512: 0bc9f8f6bfed5707e9726081122893d6add37ea4942e59b9ef68440298c787d28051b55e80d045d100a6e32d54347c2040bf8244e639940020d946d3c298a67c