Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
12/10/2024, 20:38
Behavioral task
behavioral1
Sample
3bed1c0923eb6e11d21921951e9d38b7_JaffaCakes118.pdf
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3bed1c0923eb6e11d21921951e9d38b7_JaffaCakes118.pdf
Resource
win10v2004-20241007-en
General
-
Target
3bed1c0923eb6e11d21921951e9d38b7_JaffaCakes118.pdf
-
Size
81KB
-
MD5
3bed1c0923eb6e11d21921951e9d38b7
-
SHA1
692584b2edb6d976d35c0c546a863a4c54457244
-
SHA256
a6db9a7f9e40e1cc92a3eb9c957f242b693f39503fed8a20a60ae65c40e1db47
-
SHA512
8cd81a8fdbe7162987a32694bb06bc560cc5449da267ce88c0f4ab80f9c777fb572783a92bb3ab26d84aaa9d616f3256ed479350395a988da2753e9b4e92c7a9
-
SSDEEP
1536:FDoRbJWTQ9aLhI0z+WNbXuLTFJcIDIeoBWrP87egr8nyNWUpO7yuH:aVJeQAVuLTFJMoT5yw7H
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2516 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2516 AcroRd32.exe 2516 AcroRd32.exe 2516 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3bed1c0923eb6e11d21921951e9d38b7_JaffaCakes118.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2516
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD551f92ac5a5c3a97d88884b49ce33fd5b
SHA1b75bfc501a72d1c2dbfcc80039f55918fc6de5b6
SHA2560a0092d4dcc852200afb66654f60ef2ac605543e2005fa590034164c52ea9125
SHA51298e5fc9c1dc0a9f28e0499eae0505283cee6d7c66e2c1b744f99cb7683d38b977452fab628d9b6e380dfc9bbc95fe68f1b5c5269a004a303e48e6b4567143983