Analysis

  • max time kernel
    144s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/10/2022, 14:14

General

  • Target
    5c9911e58a54b679af77b96212a791447a31374faccc2d2e314beb31687f4d72.pdf
  • Size
    123KB
  • MD5
    3281ce2c486f7462c79fa207706694cf
  • SHA1
    bfb01a943541e973ec4a37b3b42ea4d8e7550efe
  • SHA256
    5c9911e58a54b679af77b96212a791447a31374faccc2d2e314beb31687f4d72
  • SHA512
    9110f4b32abc9ed7b12d291b9dab29ccfb903daac6d6509fa809f54fc600e593c1498506d4687307729f64ed87a73fbb148dff5fb95d8db51e9b6604e0a7451d
  • SSDEEP
    1536:a680m3GtfiWmX2RgBkLZavodSVBJ3M37XMOANB77cF5bnCem7sRtMTLCkRmZ:Y0jIkUTVb3M3TNwE5DCemoGGku

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\5c9911e58a54b679af77b96212a791447a31374faccc2d2e314beb31687f4d72.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1572
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://evacdir.com/asks/bobo.grillparzer?TWljcm9wcm9jZXNzb3IgQW5kIEludGVyZmFjaW5nIEJ5IERvdWdsYXMgViBIYWxsIEZyZWUgRWJvb2sgRG93bmxvYWQTWl=crackling.inventing&retracts=sternly.ZG93bmxvYWR8OUxjY0dKbGMzeDhNVFkxTkRrNE9URTJNbng4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1968
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:892

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 340B
    MD5: 697ec2490d523f92596e4116a057e44c
    SHA1: 392aa141a0935545f894b00f8954251541b508e9
    SHA256: 2c20ebd50b97326d4dca9557fc8eece1bcb1a20fd7c26f92d2fe3400f8581bae
    SHA512: da34d98c0594fd660d022d0d0daafe0d1ac201be7ad9187e000062f4db1e129f0c54081144cce07ebbc447cb0956af2971a75f4078fae1917ac97e81fd6e876d

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5LL2U13M.txt
    Filesize: 603B
    MD5: 6130d2988792942855ce2215db084fda
    SHA1: ca22ca7b8e7ea9af819e863693b8f5806fe99960
    SHA256: d5e33cdd040341ec56f363e43c3c2023d3c40e53649cd22c50155a1dc5ecafd5
    SHA512: e3216b98d7819faee1f6af34a3176e5f7a4dbbe28644adc26d3c078df43b1ccbde4bc6a56506a7b5d8595fd4925cb929096a4e946978ac9fd5974f9281c1d373

  • memory/1572-54-0x0000000076121000-0x0000000076123000-memory.dmp
    Filesize: 8KB