Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

Material.pdf

windows7-x64

1

Material.pdf

windows10-2004-x64

6

Analysis

  • max time kernel
    147s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    14/09/2022, 17:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Material.pdf

  • Size

    350KB

  • MD5

    72c812cf21909a48eb9cceb9e04b865d

  • SHA1

    2dc265f23be4cf7cda328bdf5826601cf4f4bf43

  • SHA256

    39fb927c32221134a423760c5d1f58bca4cbbcc87c891c79e390a22b63608eb4

  • SHA512

    dd246487f348dbba52c7dfaae3f943b0324414c182e0de862db7d23e82ab5362c21b8733cf84af466529c631938fc544d96d78c51ea4330877993e9da7e5cbd3

  • SSDEEP

    6144:zB1De0g/RC7lTqMAwraJOZMtXEHJGPSgwsTx/xE99jvQrZqZDxlK0oZ9TK2A6CO8:6+lq1wWAZMtUHJGPksFJYtdlK5TXuWM

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Material.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://a.pomf.cat/hgfetb.R11
      2⤵
      • Modifies Internet Explorer Phishing Filter
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:900
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:900 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:360

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a95516dd63a2facfc490fee74d277637

    SHA1

    1f8e57aeb3e81c852cb0accc1dc1bb46a34df073

    SHA256

    4e16bf4d86c7a10fbf80b7dfd0527d78149b4ae9e3ee40b9260a907dc3acafb2

    SHA512

    f6e40a80b86f50f81b64a29535392bb77e5a703495461e62a159a98c9b4e8f3a4452404343588093053ab0af739cbef030e68dea3da92eddf448a359437ea5ed

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\MNFAJYX3.txt
    Filesize

    603B

    MD5

    4fa92d4a9f7eee391ffd4b1672ce949d

    SHA1

    322ad6fa45f3bdf9ccdb37a24cd4f4acd36f606e

    SHA256

    47adca6f925e878078d2429163183f26adf23727acf79adb72b5fc6c81f6d347

    SHA512

    0f51eedc6ee73d7bfab3de595e895f6bd26b6e194eb7a512cc91185081acaaa9da2daf954177fcab134a726cefd182962ca801cf80e493462a103f235b62e004

    Download Submit

  • memory/1464-54-0x0000000075B51000-0x0000000075B53000-memory.dmp

    Filesize

    8KB

    Download