Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
11/01/2025, 06:50
Behavioral task
behavioral1
Sample
JaffaCakes118_fa021623e8696b9a1e3f57e23af1d09b.pdf
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
JaffaCakes118_fa021623e8696b9a1e3f57e23af1d09b.pdf
Resource
win10v2004-20241007-en
General
-
Target
JaffaCakes118_fa021623e8696b9a1e3f57e23af1d09b.pdf
-
Size
81KB
-
MD5
fa021623e8696b9a1e3f57e23af1d09b
-
SHA1
acc4a1d5088ab3ffb8f37fb389c1c87534ab767d
-
SHA256
a42c594a215fa01823ae5acc488b43ab41580ead2eb87c3a7f8b443115db2807
-
SHA512
f1490db960868e953a6382ab356ea55f778e282742c3f6ed247bec732aafdb14e533d6a22d2841c3429b0088c94e6ccee6aaece9d952e5f66b1f9d0d0dd2b5c7
-
SSDEEP
1536:pq5oFY508RZZ9UZProtH9BTIbTRonwgyeOY5ctL4hOP2qbYVdEqWuUSc9TskZtd6:45oFD8TTUFqBTIMHyfY5ctLQgbYVdgNU
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2092 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2092 AcroRd32.exe 2092 AcroRd32.exe 2092 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_fa021623e8696b9a1e3f57e23af1d09b.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2092
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD51222fba9a2b113346ac4022bf13aaf76
SHA1f89ca576c2ef745d612ef713cbd242368091255a
SHA256d7a6827b01f0f47e140c2b40cd5ca9c4c476299c79e2cf4d6bcb8476ce757fa0
SHA512c4474c7a81c867dd34ddef71a01f9a4103b22750d537860387c3e0051c02369662c3dc8bc33e63eaeee61dd2e231192f43556db30754ac0fc70120b07bc9b131