Analysis
max time kernel: 96s
max time network: 19s
platform: windows7_x64
resource: win7-20241010-en
resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
submitted: 17/10/2024, 18:26
Behavioral task behavioral1
Sample: 53117caa6de2829fea0b862127b2d3b3_JaffaCakes118.pdf
Resource: win7-20241010-en
Behavioral task behavioral2
Sample: 53117caa6de2829fea0b862127b2d3b3_JaffaCakes118.pdf
Resource: win10v2004-20241007-en
General
Target: 53117caa6de2829fea0b862127b2d3b3_JaffaCakes118.pdf
Size: 70KB
MD5: 53117caa6de2829fea0b862127b2d3b3
SHA1: c4144a8eb3b6093a855c6e622fcee509617e99b2
SHA256: dae5d0ca9584629e1402fc16a285db79e0c6a4819a73addccd73a192fff4c74a
SHA512: 314fbeb4198a8f39c6c6c2ca3cf111b222926058aa88992836ea5663db0606b3c150bd05952e57510c118991a6a307a9005616021b74dcd79b5284da1db0622e
SSDEEP: 1536:Z1l7sdYPLbeIuq4OoR067P4mkdwhO3v5UAfDn5:Pl7sdYDbeJZOoriKO3xn1
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description   ioc                                                          process
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid    process
2104   AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid    process
2104   AcroRd32.exe
2104   AcroRd32.exe
2104   AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\53117caa6de2829fea0b862127b2d3b3_JaffaCakes118.pdf"
PID: 2104
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: 6076183d82b0d37a1302356e2c470c13
SHA1: 7758e0e049659eff87bc6cb189ca085354009d8f
SHA256: 0c627ec184b3af503451145738b1e0f61912cbced3ba47b81773640bbb49af3f
SHA512: 07dc6b7358da2043d08f3bbcf7a6e8bdaf4c4038fda83bf93a5ae89eb4cf5ec137c57d86e5c32ce83c89e79c501b285cc08cd68caa5703609f94c00f8330b39c