Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
11/01/2025, 06:50
Behavioral task
behavioral1
Sample
JaffaCakes118_f9fff28cd29bbbff34caa35d43b7020a.pdf
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
JaffaCakes118_f9fff28cd29bbbff34caa35d43b7020a.pdf
Resource
win10v2004-20241007-en
General
-
Target
JaffaCakes118_f9fff28cd29bbbff34caa35d43b7020a.pdf
-
Size
71KB
-
MD5
f9fff28cd29bbbff34caa35d43b7020a
-
SHA1
6dbd739473f18436090042b57033ece917f2abcc
-
SHA256
ce0f305e39e1b253f0c26f2b499cdeeb0a91cb8a5cab6531b51764b77ca518eb
-
SHA512
50b17ab39a20aa45cf383dc05246f69889bc32a482394688ce34e0ea6b04a89bfefe3e1689e61933ed014fe757bac9b09951d879dc39adea22fb5ddfa149d2b4
-
SSDEEP
1536:mkZknanejCdopOmL1nL3t+ripxWxApOGzWNzttF6ReCC:rZ1C8GO8B+ripW3GKF6Q
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2376 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2376 AcroRd32.exe 2376 AcroRd32.exe 2376 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f9fff28cd29bbbff34caa35d43b7020a.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2376
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD560d6a6933455cd4bd5a3ea795e4d38f4
SHA159b1092c5946ab1550d6f698ec033f2ae390c2b5
SHA2562c876b1f427f81a63fd3d8b7070a75456be8e4b2d336ab2557bbe7a7f792da9a
SHA512f44ab2be31289ac7a26889e3a7d052ec40b9486f7376712ad80767ec190939e142323a340ded23c802e4a06ae28806556a0e9790e04d401d0eabbfdf96bf1b4b