Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
4[email protected]
windows7-x64
1[email protected]
windows10-2004-x64
1[email protected]...__.pdf
windows7-x64
1[email protected]...__.pdf
windows10-2004-x64
1[email protected]
windows7-x64
1[email protected]
windows10-2004-x64
1[email protected]...��.exe
windows7-x64
7[email protected]...��.exe
windows10-2004-x64
7[email protected]...�.docx
windows7-x64
4[email protected]...�.docx
windows10-2004-x64
1[email protected]...х.pdf
windows7-x64
1[email protected]...х.pdf
windows10-2004-x64
1[email protected]...�.docx
windows7-x64
4[email protected]...�.docx
windows10-2004-x64
1[email protected]...�.docx
windows7-x64
4[email protected]...�.docx
windows10-2004-x64
1Analysis
-
max time kernel
150s -
max time network
31s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
05/06/2023, 15:14
Behavioral task
behavioral2
Sample
[email protected]/0001202110250033.pdf
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
[email protected]/20_10_2021_01_6101_21____________________________.pdf
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
[email protected]/20_10_2021_01_6101_21____________________________.pdf
Resource
win10v2004-20230221-en
Behavioral task
behavioral7
Sample
[email protected]/ПРОГРАММА ДЛЯ РЕГИСТРАЦИИ ПРИВИТЫХ В ФЕДЕРАЛЬН�.exe
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
[email protected]/ПРОГРАММА ДЛЯ РЕГИСТРАЦИИ ПРИВИТЫХ В ФЕДЕРАЛЬН�.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral10
Sample
[email protected]/�МР по вакцинации.docx
Resource
win10v2004-20230220-en
Behavioral task
behavioral11
Sample
[email protected]/�огласие на обработку персональных данных.pdf
Resource
win7-20230220-en
Behavioral task
behavioral12
Sample
[email protected]/�огласие на обработку персональных данных.pdf
Resource
win10v2004-20230220-en
Behavioral task
behavioral13
Sample
[email protected]/�урнал о ревакцинированных от ковид за рубежом.docx
Resource
win7-20230220-en
Behavioral task
behavioral14
Sample
[email protected]/�урнал о ревакцинированных от ковид за рубежом.docx
Resource
win10v2004-20230220-en
Behavioral task
behavioral15
Sample
[email protected]/�урнал о вакцинированных от ковид за рубежом.docx
Resource
win7-20230220-en
Behavioral task
behavioral16
Sample
[email protected]/�урнал о вакцинированных от ковид за рубежом.docx
Resource
win10v2004-20230220-en
General
-
Target
[email protected]/0001202110250033.pdf
-
Size
350KB
-
MD5
89f98f4ae0285edc55fca7b56f75c46b
-
SHA1
4cc0d1bf2cdc28d9500d91bb31b19fe753af0106
-
SHA256
48064d925c3106cd19e33c7fee16d2459bd851fadbd4ea888f156b7705b9b25f
-
SHA512
0bc7b53c2fa55f6137cfcbce28d0de1ead02c2bd84ab62a5fb2177bb2945a67b9415c7df9b9466e6b4c98695ac64a302633333356855c0ea7c79ad0649f79353
-
SSDEEP
6144:NFqs9zWNCvNOrOUQ78yJUCJ+ukMKcSaN2j/94mwq+BtVS05OEYaQVXl0TlETO3:7qezumvj7sCkuOsN2L94myPVSGZ2B6Ec
Malware Config
Signatures
-
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 924 AcroRd32.exe 924 AcroRd32.exe 924 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\[email protected]\0001202110250033.pdf"1⤵
- Suspicious use of SetWindowsHookEx
PID:924