Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

6

Trivista D...23.pdf

windows7-x64

4

Trivista D...23.pdf

windows10-2004-x64

1

Resubmissions

02/08/2023, 13:27

230802-qqdkmseh36 6

02/08/2023, 13:06

230802-qckrsseg74 6

Analysis

  • max time kernel
    119s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    02/08/2023, 13:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Trivista Dodge City LLC Invoice 8095015 due May 31 2023.pdf

  • Size

    195KB

  • MD5

    06ea22ee0616a93f9d9fcc63bbfb55f0

  • SHA1

    6ae3512a6766bf1298228fdc10a6c60b45b92587

  • SHA256

    a0795d3cfdf1038ff9e92eac0982131c5c8235c9751e2873dbac3b7fa5a9376f

  • SHA512

    1911ce9c09e0c7213d2d5f3f93298b7dbefac8aeb031b217e134337500c5a48ce158107373784d7c740d1a2a4ebb43afb00573a2b02acea900551330a73d970d

  • SSDEEP

    3072:xgKsxEOQe7lMlhGd8PDHCqbs0T5T5vRyDDtOtBPxmQ+nilX0U8xoKjFkCQhaqVs:1WCexMlhIE/I0TJmDDtOUQ+nYIx/f

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Trivista Dodge City LLC Invoice 8095015 due May 31 2023.pdf"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://urldefense.proofpoint.com/v2/url?u=https-3A__mnhrb.lovernive.com_-3Fewg-3DwtctfbWJyb3duQGVwZ2luc3VyYW5jZS5jb20-3D&d=DwMFAg&c=59WElTcIEwbBjXQe6gMr9RyqhrzJYRWAhv5h0b8rPQw&r=RHcNDwnBFGWmlG4WXI_8cNvrjBLzYnLTlFrd61W9QaY&m=4iv_9U1UYgtned3oVTyyva7RQsbYDdZYKGPmBTOBxoy14GEj5D3WYgYPY0Jw3ImB&s=TyauxFT2CYF2NlhzLqeK076IHo6e5PUAhqab901lWx0&e=
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3040
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1592

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1bd2e233eb0dbdf4e007a8a99d849d58

    SHA1

    febd4409bf6705a67765f6880e7d96ed9b2f8382

    SHA256

    9b4c2eb0dafc10d1b6877edb02ae31d6e5a738e06d0c9263bfca05b97ff66ca3

    SHA512

    bba6eb1288efe25da8bdbc5f96279fbd0429be8c4649b7bb90e080f558f572edfe87c9f06c60afe75b7a071211711c86e940ed2cc822be772ed196eb4ebe010e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d41c3e39a1374f5628c5ed44234f6048

    SHA1

    98153e02f9cff1780218f6b4b9844ecda7d9a984

    SHA256

    cb93abf0a6a1f93d64c8bf049439682e90704f527843c96c4324f408e99cf987

    SHA512

    5bdcd64db8f33492c13890ce960d0bbe701839ae3d1eee1d892899945d0331d6d879d079ae6c20814abce2134f90c4a2964362b1bf12f3bd13a3cc56ef07096f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cbf61e3caadb829d826ace2d8a164e8c

    SHA1

    b0701199ab060a7ce8b285425d72a2db305fc628

    SHA256

    eff6910dd0e9d3e49efa17b4d04d664ae54f14715ef479257891a5059eb6df5e

    SHA512

    a2c06ea737f5a7cbcea6c75e3922ac317fc6efecd4fab629e37974675d2998de982ddcd54417889e0aa27d920138eb545bdd2cc6931c7160657842c7f6b144bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    af96b64e9e1cdf42ff7fa268f756573f

    SHA1

    d156ec0c482e8e7cf239165a49cab4ab95aa5da3

    SHA256

    7f9ce889fedd5c47dcb0d36703dff1a1d76af9a5dc148e4884323654ffd81073

    SHA512

    9169662b1d6c302be4bfbccd4bcfcf22db85fb8e20c1f243dd3fce3eeb8a788e1bf359b3b21745d2178ea18e6fe3282ea1114c081fb32799f36c86e7a1c6df5d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d9e1d3bf0f362e23a2f50b511cced8c5

    SHA1

    654807670b61f397b880e8d362bbb3065e1a9609

    SHA256

    e5e125c50f45c296049a84ccd84686069aff02e21d721b2909110e5222ba99de

    SHA512

    aec1a810522e7d236a1b6adbe969b09ac505c279709225ed3881073fd925d8884d74546f872194c577bbcd51229181a0c1894318751afcf3ffd7620e463c81d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6687f8c6d95f339fe319e1904faab0b6

    SHA1

    39873d811e739e1aef7841a1647c4aca335b8b83

    SHA256

    89e49d0d06f9967c8270ec421a858bddcceb30e8f8f914699f151320cb123710

    SHA512

    5badafe59f00a114c7648788f54736e399a6e03ee4390b8ca2409b0713ff8e1e02a1eb9206ba62f3601f0355b4346c0d2a15de4499b0c3fb1d94813ae7065cab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ffcb15a5656f561f1d83537856c13ae4

    SHA1

    a0c185632822ecbd3abd6d1c18e273e71dffb3b4

    SHA256

    6878d9a252663b5d4ad0f8aec5579879739f38347a761cf22b648334cf1e6b89

    SHA512

    e168e2350c8d2d4651340d8437f7d5893f3d196d6131502479b6b344527f0c85d7a6f325d749860d7580012bb818719dbcfdf78b3bdd889b91b17d13512794fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    690c7ac4e585482052eb190a283d098f

    SHA1

    5276e61a0d76ac063090ff1478f8548445790bdd

    SHA256

    96ae20658e8ff705b87ea76a4457c16a10de7c1d35548b466d50c9079370e38c

    SHA512

    59091d9eef648a0a3c65ba5cecc5f0b5d2289aeae7fb9cde5b53df82b273bae915f37f39e6c4ca41d27f1244ee1fbb98bb689e834449aed636b7ba5c3d3e2f5f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0a9f707a31310e1b34c0bd792dae9aa9

    SHA1

    2bd400e1ccc0162e8c84375b0d3b054c2388ab1b

    SHA256

    feb390486ed73fbe1afe516c301706bd59c7229e3613b87bc930e1722926b5b1

    SHA512

    eb75c6d33b79a902961284010a4236155bc1eabaa79102db44d454ef6405441c4a13e08087a9b516951b20fbdedaf72ef2ee32c7d53d01c973e0681e7768a1db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0a2251a83af059f5b670feb24aa85673

    SHA1

    397916bf01c86e5fe230f6f02b24dc9f8ad7ca68

    SHA256

    ea8280937080f6a5f9701dd11d47936a8a1a35762c6b39c9c92fe3b08a2a2f54

    SHA512

    bec87ee0b8c1f0539b32d548c8d81d70fa8db5c600a97b6b31430a83fecf5ec09b8d20e2bf5cec953380d788fb91cf6986ecade28d6b12c7016bb306f99bfcf8

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VKWFGCX\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE9D5.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarEA36.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    0a6a4616f9bec290edc509abdbe48585

    SHA1

    0047d51af361a14037a9e07ec23fa83f07666597

    SHA256

    0888e250f3bddb9f52fb037ac83a4edc3e7daad9a5825fcdb1edc1b288d802d4

    SHA512

    3bcc48ae11380f9762929cc3d05d614c1f4b35ecf2e5104b7e46683446578b96d6cba778e34a482197220b5dd2fe579b02b3978e0caafeca117f1e8c7a87f06f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\87QAQYEZ.txt
    Filesize

    601B

    MD5

    2b73949b0c1b75d6c53b0594e81e33ee

    SHA1

    0692cd1c138a8130ad6563ac79d6eb2dfe08e22e

    SHA256

    2cd2cc4a72e35d640d3cb05f815d084bf2102c8b93e289697d290503ae377360

    SHA512

    f21534ed2a513d5808cae808853d0304cbde19ee59c19f511db2ac921f2395bfd71c91576bbc984696b509d8af949a2a36914205112580b3940e5473adfcae51

    Download Submit

  • memory/3048-4657-0x0000000000BA0000-0x0000000000BAA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3048-678-0x0000000000BA0000-0x0000000000BAA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3048-679-0x0000000000BA0000-0x0000000000BAA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3048-4658-0x0000000000BA0000-0x0000000000BAA000-memory.dmp

    Filesize

    40KB

    Download