Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20241010-en
- resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
- submitted: 11/01/2025, 06:48
Behavioral task: behavioral1
- Sample: JaffaCakes118_f9f7d90a7d9844f50e8995dc58850545.pdf
- Resource: win7-20241010-en
Behavioral task: behavioral2
- Sample: JaffaCakes118_f9f7d90a7d9844f50e8995dc58850545.pdf
- Resource: win10v2004-20241007-en
General
- Target: JaffaCakes118_f9f7d90a7d9844f50e8995dc58850545.pdf
- Size: 81KB
- MD5: f9f7d90a7d9844f50e8995dc58850545
- SHA1: 44638089f5a24b258f9bae8c5f4000c2be9d52c3
- SHA256: 3285a6aea67436111de011ecc03c91d200b5c9288bef5114a2962f951ed5105c
- SHA512: 4b9df8145efe0e892f6d05e673393f8aeb053ee87b61f8fa10f243266050e8189987cfd1b19905130844b0a6b320a02f1268180fee99697d6aecbe7adf135e2e
- SSDEEP: 1536:W2nbe8asgBXjk4MvzzixBwfVU6YjsAQz+MCLWQpOCoWeKJUZuHCa:vaFd2ixetUNAA8C2CVJ97
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; Process: AcroRd32.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid 2828, Process AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid 2828, Process AcroRd32.exe (three occurrences)
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f9f7d90a7d9844f50e8995dc58850545.pdf"
  PID: 2828
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 3KB
  MD5: 96ab06f4d593289869704de49463bddc
  SHA1: 2b928d3d1d2ef08c9d0eae21de361ef2bbf5e541
  SHA256: ebed7e42389277ab00f6ccdfabd95659c849991680d1874c73e4afee3e4bbe8f
  SHA512: 84a6e7a44c64c247eaceccc858f5ca4777978a87b137ddcc5089f9c5db6d6d3cbae42bc05d6e23843dafdc2d93e08a9979ef73a4bf2f853aef19d30e2d9744a0