Windows 7 deprecation notice (tria.ge): Windows 7 will be removed from tria.ge on 2025-03-31.
Analysis
max time kernel: 119s
max time network: 124s
platform: windows7_x64
resource: win7-20241010-en
resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
submitted: 26/01/2025, 17:28
Behavioral tasks
behavioral1: sample JaffaCakes118_37a937a69ca7001d8b675099d1242d04.pdf, resource win7-20241010-en
behavioral2: sample JaffaCakes118_37a937a69ca7001d8b675099d1242d04.pdf, resource win10v2004-20241007-en
General
Target: JaffaCakes118_37a937a69ca7001d8b675099d1242d04.pdf
Size: 12KB
MD5: 37a937a69ca7001d8b675099d1242d04
SHA1: 19ac1c206eef105ff9cd761dd1ce8c9041c2a27b
SHA256: 4a3a0096da6cae09ca48404837f4193a1eb8d83bbc0b0723f33fee3bdc7fa8e0
SHA512: 6cfe0fb45e8a73be3e79e4b5080222c48c4ab4c35bcbb76e9fea78b16d3265ec39891a10560f12b8030ab2462b34ade7a1964627b5e2df0f3757b6de8e345517
SSDEEP: 384:6hzaNwAO9GiJlDmlAloSAhmbZ9/8Qi/60G7J8vKIs:ahZGirHAhmbZ90QC6dJiKH
Malware Config
Extracted configuration (family: latentbot)
Host: geurdenwoldran.zapto.org
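Added example serving both the General section above (checking that a file on disk is this same sample by all four reported digests) and the extracted LatentBot configuration (hunting the extracted hostname in DNS query logs). It is not part of the Triage report or of Triage's own tooling: the digests and the hostname are copied from this page, the DNS log lines are constructed, and treating the extracted hostname as the network indicator to hunt for is this example's assumption.

```python
"""IOC checks built from the values on this Triage report.

Added example, not part of the tria.ge report or of Triage's tooling. The
four digests and the LatentBot hostname are copied from the report; the
log lines near the bottom are constructed, as is the assumption that the
extracted hostname is the indicator worth hunting for.
"""
import hashlib
import re
import sys

# Digests of JaffaCakes118_37a937a69ca7001d8b675099d1242d04.pdf as reported.
REPORT_HASHES = {
    "md5": "37a937a69ca7001d8b675099d1242d04",
    "sha1": "19ac1c206eef105ff9cd761dd1ce8c9041c2a27b",
    "sha256": "4a3a0096da6cae09ca48404837f4193a1eb8d83bbc0b0723f33fee3bdc7fa8e0",
    "sha512": "6cfe0fb45e8a73be3e79e4b5080222c48c4ab4c35bcbb76e9fea78b16d3265ec"
              "39891a10560f12b8030ab2462b34ade7a1964627b5e2df0f3757b6de8e345517",
}

# Hostname from the extracted LatentBot configuration. zapto.org is a
# dynamic-DNS zone, so the address behind it can change over time; match on
# the name (and any label beneath it), never on a resolved IP.
LATENTBOT_HOST = "geurdenwoldran.zapto.org"


def hashes_of_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hashes_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Streamed variant for files on disk (the sample itself is only 12 KB)."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(hashes: dict) -> bool:
    """True only if every reported digest matches. A single mismatch means
    a different file (or a transcription error in the report value)."""
    return all(hashes.get(name, "").lower() == value
               for name, value in REPORT_HASHES.items())


# Candidate hostnames inside a log line: letters, digits, dot, hyphen and
# underscore. Trailing dots (DNS FQDN form) are stripped before comparing.
_TOKEN_RE = re.compile(r"[A-Za-z0-9._-]+")


def is_latentbot_host(name: str) -> bool:
    """Exact host or a subdomain of it. Look-alikes such as
    'notgeurdenwoldran.zapto.org' or the host used as a prefix of a longer
    name must not match."""
    name = name.lower().rstrip(".")
    return name == LATENTBOT_HOST or name.endswith("." + LATENTBOT_HOST)


def find_host_queries(log_lines):
    """Return (line_number, host) for each log line that names the host."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for tok in _TOKEN_RE.findall(line):
            if is_latentbot_host(tok):
                hits.append((n, tok.lower().rstrip(".")))
                break
    return hits


# Constructed DNS query log, not from the report. Lines 1 and 3 should hit;
# lines 4 and 5 are look-alikes that must not.
SAMPLE_DNS_LOG = [
    "2025-01-26T17:30:01Z WS-0412 query A geurdenwoldran.zapto.org.",
    "2025-01-26T17:30:02Z WS-0412 query A www.adobe.com.",
    "2025-01-26T17:31:15Z WS-0977 query A cdn.geurdenwoldran.zapto.org",
    "2025-01-26T17:31:40Z WS-0977 query A notgeurdenwoldran.zapto.org",
    "2025-01-26T17:32:00Z WS-0412 query A geurdenwoldran.zapto.org.evil.example",
]


if __name__ == "__main__":
    for n, host in find_host_queries(SAMPLE_DNS_LOG):
        print(f"DNS log line {n}: query for {host}")
    if len(sys.argv) > 1:  # optional: python ioc_check.py <file>
        verdict = "MATCHES" if matches_report(hashes_of_file(sys.argv[1])) else "does not match"
        print(f"{sys.argv[1]} {verdict} the report digests")
```

The SSDEEP value is deliberately left out of the comparison: fuzzy hashing needs a third-party module, and a fuzzy-hash similarity score answers a different question (is this a variant?) from the exact-digest check (is this the same file?). The hostname matcher works on tokens rather than a single regex so that the DNS trailing-dot form, subdomains, and same-suffix look-alikes are all handled explicitly.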
Signatures
Latentbot family
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  process: AcroRd32.exe
  Note: many applications read this key to resolve the UI locale, so on its own it is weak evidence; here it was opened by the reader process itself, not by a spawned payload.
Suspicious use of SetWindowsHookEx (3 IoCs)
  pid 2128, process AcroRd32.exe (recorded three times, one per IoC)
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (PID 2128)
  command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_37a937a69ca7001d8b675099d1242d04.pdf"
  signatures: System Location Discovery: System Language Discovery; Suspicious use of SetWindowsHookEx
No child processes are recorded in the tree; the only process observed is the reader that opened the sample.