Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
13/10/2024, 04:18
Behavioral task
behavioral1
Sample
3dbec69d62025f7b170172805b2ca867_JaffaCakes118.pdf
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3dbec69d62025f7b170172805b2ca867_JaffaCakes118.pdf
Resource
win10v2004-20241007-en
General
-
Target
3dbec69d62025f7b170172805b2ca867_JaffaCakes118.pdf
-
Size
87KB
-
MD5
3dbec69d62025f7b170172805b2ca867
-
SHA1
9cc411d0d415aee3e7ba4e34f0aee43913645aca
-
SHA256
78e4fc5d91a232fc57ede82402536658932a1396ca24f7a46ccce322f0f73f2d
-
SHA512
9859ed6d65c59e5a1b3a7da8d5a7c17717052378b79d17e8d3308de9741b5160b68b090d7503d1ea3f69fc1211aae48192bf197c4119eac3b2137f466b48dd10
-
SSDEEP
1536:l0OJhN2mPBMN2FO7SNmdAxE3lYw9JpZWcWhybXSk7eSLWeOdk1qWQpOCokxo:eOJr55W2IqG5VYMzXNbXJaSB1tCG
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1732 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 1732 AcroRd32.exe 1732 AcroRd32.exe 1732 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3dbec69d62025f7b170172805b2ca867_JaffaCakes118.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1732
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5eadfefd5e356bc97ac8fb65685a91e9b
SHA1b45d82047fbdb9007a48498d0a7e69b0e8e4e547
SHA2569c68a82da9aba116fc4d007dbe4b50110475512f658958e292c033860b86a0b4
SHA5124203f609d6010f5030b51d010180ac81f7b63b1fe3be08705b1fdb58476be5161dda71f3f1c5542593f55f5fce2d8965d7a8d767abf3e1e1ca075c071a400e9a