Analysis
- max time kernel: 150s
- max time network: 34s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 15/06/2023, 05:59
Static task
- static1
Behavioral task
- behavioral1
- Sample: Guyton-y-Hall.-Tratado-de-fisio-John-E.-Hall.pdf
- Resource: win7-20230220-en
Behavioral task
- behavioral2
- Sample: Guyton-y-Hall.-Tratado-de-fisio-John-E.-Hall.pdf
- Resource: win10v2004-20230220-en
General
- Target: Guyton-y-Hall.-Tratado-de-fisio-John-E.-Hall.pdf
- Size: 45.6MB
- MD5: 643be342ed6372f44cfe0837ab1194c7
- SHA1: a55c697ade8c09cc72648a3c46d91adcdd86ff48
- SHA256: b7cd8c3b4d567bc03481ee06331784c69d2720bd2dcaacfb1523561ddf9ff140
- SHA512: bf7eae9f00cffaf8eae5e0bc49aa5a410e1e8b8ca4a0ffe1ab691fbc453b8d6e6cb614c25cd3717c9ff3dc9e4a4b086f1223d970cf6d8baf79d2ea0638484964
- SSDEEP: 786432:hizlGlzeiz5rYh9DiUlEWfCE9V+m9MkRLhPWEMZLDs86anLW6X2Vt3B5fG9YuJYC:hDlyIr+sQf9yKNT9ozX0tRs9YaYC
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid 1196, Process AcroRd32.exe
- Suspicious use of SetWindowsHookEx (4 IoCs)
  pid 1196, Process AcroRd32.exe
  pid 1196, Process AcroRd32.exe
  pid 1196, Process AcroRd32.exe
  pid 1196, Process AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Guyton-y-Hall.-Tratado-de-fisio-John-E.-Hall.pdf"
  PID: 1196
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
- MD5: c0f00a0ef63456c17f8dac985707edb3
- SHA1: 959c80c41cb95c24c2bb8f837b38c6c08c9fc28e
- SHA256: d24fa7d82834ae4a87f6b47fff63fee82ba58a5f8ad3ffbb629f1f8c7affa344
- SHA512: ec5badf1a66212fc1efa9bc5dd2cf9adc2807b0ab830cc7923c5fbf5bd16a27c1b80f0c5db6310c384859d493d4e790e4e138a7e01e3f87399fbaba4355f9db9