Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26/01/2025, 17:28
General
-
Target
JaffaCakes118_37a937a69ca7001d8b675099d1242d04.pdf
-
Size
12KB
-
MD5
37a937a69ca7001d8b675099d1242d04
-
SHA1
19ac1c206eef105ff9cd761dd1ce8c9041c2a27b
-
SHA256
4a3a0096da6cae09ca48404837f4193a1eb8d83bbc0b0723f33fee3bdc7fa8e0
-
SHA512
6cfe0fb45e8a73be3e79e4b5080222c48c4ab4c35bcbb76e9fea78b16d3265ec39891a10560f12b8030ab2462b34ade7a1964627b5e2df0f3757b6de8e345517
-
SSDEEP
384:6hzaNwAO9GiJlDmlAloSAhmbZ9/8Qi/60G7J8vKIs:ahZGirHAhmbZ90QC6dJiKH
Score
10/10
Malware Config
Extracted
Family
latentbot
C2
geurdenwoldran.zapto.org
Signatures
-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
Latentbot family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of SetWindowsHookEx 3 IoCs
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_37a937a69ca7001d8b675099d1242d04.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
472KB
-
Filesize
4KB