Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system -
submitted
14/07/2023, 20:33
Static task
static1
Behavioral task
behavioral1
Sample
c3482e33360c529f8a39abff707b7616181fc236a4a0a8d7be122186022fa449.pdf
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
c3482e33360c529f8a39abff707b7616181fc236a4a0a8d7be122186022fa449.pdf
Resource
win10v2004-20230703-en
General
-
Target
c3482e33360c529f8a39abff707b7616181fc236a4a0a8d7be122186022fa449.pdf
-
Size
559KB
-
MD5
d23d90f44d68d2ec624216bae4f377b9
-
SHA1
837e2ce6726be090cec126f1ec78b70297b859ef
-
SHA256
c3482e33360c529f8a39abff707b7616181fc236a4a0a8d7be122186022fa449
-
SHA512
eea19f19737f3ab63f0f4c79ba19d9d458e50ba51d3c41c81ae64230a7688045fda8ee237402246db78a5cebdf3abb302300ffa93e5e99133d91baed6babc20d
-
SSDEEP
12288:ondHj7vbBC8GUdqiKJ17lSxW/MwFAhc699wSShZvk6:ewUd5UOxWa66chD
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2596 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 2596 AcroRd32.exe 2596 AcroRd32.exe 2596 AcroRd32.exe 2596 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\c3482e33360c529f8a39abff707b7616181fc236a4a0a8d7be122186022fa449.pdf"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2596
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5b875ee7433de11f217902fabfcb0e0cf
SHA1ffe27ee97104d0420d550bb72284fe3e02c5026b
SHA2562c9094e1db308d30fe0cd5817c1ba47087c15234591ea83004273c339d507f14
SHA51290948e61e5257974d92a35b9b5ffe1b93d91dd4149ddece1215292690f2d3aeb3560ab69277a9f4e3ae394dde0f8e504d4b26a8f6f396e719c1019bb3ec4025e