Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    26/01/2025, 17:28

General

  • Target

    JaffaCakes118_37a937a69ca7001d8b675099d1242d04.pdf

  • Size

    12KB

  • MD5

    37a937a69ca7001d8b675099d1242d04

  • SHA1

    19ac1c206eef105ff9cd761dd1ce8c9041c2a27b

  • SHA256

    4a3a0096da6cae09ca48404837f4193a1eb8d83bbc0b0723f33fee3bdc7fa8e0

  • SHA512

    6cfe0fb45e8a73be3e79e4b5080222c48c4ab4c35bcbb76e9fea78b16d3265ec39891a10560f12b8030ab2462b34ade7a1964627b5e2df0f3757b6de8e345517

  • SSDEEP

    384:6hzaNwAO9GiJlDmlAloSAhmbZ9/8Qi/60G7J8vKIs:ahZGirHAhmbZ90QC6dJiKH

Malware Config

Extracted

Family

latentbot

C2

geurdenwoldran.zapto.org

Signatures

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

  • Latentbot family
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_37a937a69ca7001d8b675099d1242d04.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:2128

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2128-0-0x0000000003D50000-0x0000000003DC6000-memory.dmp

    Filesize

    472KB

  • memory/2128-3-0x0000000001120000-0x0000000001121000-memory.dmp

    Filesize

    4KB