Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

Bica. 193.23.pdf

windows7-x64

1

Bica. 193.23.pdf

windows10-2004-x64

1

Analysis

  • max time kernel
    291s
  • max time network
    255s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/08/2023, 15:53 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Bica. 193.23.pdf

  • Size

    928KB

  • MD5

    c9841ac2bbbdcf20a821c9c3041a03e5

  • SHA1

    76c8e1778e5a8933e1c6353eca6ccd9f8795e160

  • SHA256

    d55851df9b1c6c0ce76fd18a9defe15103c2f9628ddc853bc6f5889d5d4036e9

  • SHA512

    a066c312993253a3a311f3fabb3476d24825d80fe7a98c02adab20dca85b1c9c3f618b8a801bc87b101d4353a19f4713cbe4fa15fcc39628e9e7854be48a2cbb

  • SSDEEP

    24576:9Tm4+ME0PpztfLvlVeqM9f3RAJrbaRkbMt03f1M:9UME0hFDnGx3RQbaRkItP

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Bica. 193.23.pdf"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4932
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1036
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=16C6382E08835C02BCE9B636E750B914 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:3752
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=58B19AEE6CD99567EBA4C646F8B0A434 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=58B19AEE6CD99567EBA4C646F8B0A434 --renderer-client-id=2 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:1512
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=12C08B1D5DFB162DA58766CFE049E53D --mojo-platform-channel-handle=2304 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
            3⤵
              PID:5028
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6BC3C1F8459D18118B79D5DF8B6C3204 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6BC3C1F8459D18118B79D5DF8B6C3204 --renderer-client-id=5 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job /prefetch:1
              3⤵
                PID:3732
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1EDB4EE64E7A6C075688124760DA3921 --mojo-platform-channel-handle=2448 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:2032
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2CB2BDA955279CBB783B6B24F0E98AA2 --mojo-platform-channel-handle=2660 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:3560
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:4356

                Network

                • flag-us
                  DNS
                  208.194.73.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  208.194.73.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  8.3.197.209.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  8.3.197.209.in-addr.arpa
                  IN PTR
                  Response
                  8.3.197.209.in-addr.arpa
                  IN PTR
                  vip0x008map2sslhwcdnnet
                • flag-us
                  DNS
                  72.32.126.40.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  72.32.126.40.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  108.211.229.192.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  108.211.229.192.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  2.136.104.51.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  2.136.104.51.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  158.240.127.40.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  158.240.127.40.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  137.0.85.104.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  137.0.85.104.in-addr.arpa
                  IN PTR
                  Response
                  137.0.85.104.in-addr.arpa
                  IN PTR
                  a104-85-0-137deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  78.121.18.2.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  78.121.18.2.in-addr.arpa
                  IN PTR
                  Response
                  78.121.18.2.in-addr.arpa
                  IN PTR
                  a2-18-121-78deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  50.23.12.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  50.23.12.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  56.126.166.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  56.126.166.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  1.208.79.178.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  1.208.79.178.in-addr.arpa
                  IN PTR
                  Response
                  1.208.79.178.in-addr.arpa
                  IN PTR
                  https-178-79-208-1amsllnwnet
                • flag-us
                  DNS
                  2.77.109.52.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  2.77.109.52.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  90.16.208.104.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  90.16.208.104.in-addr.arpa
                  IN PTR
                  Response
                No results found
                • 8.8.8.8:53
                  208.194.73.20.in-addr.arpa
                  dns
                  72 B
                   158 B
                   1
                  1

                  DNS Request

                  208.194.73.20.in-addr.arpa

                • 8.8.8.8:53
                  8.3.197.209.in-addr.arpa
                  dns
                  70 B
                   111 B
                   1
                  1

                  DNS Request

                  8.3.197.209.in-addr.arpa

                • 8.8.8.8:53
                  72.32.126.40.in-addr.arpa
                  dns
                  71 B
                   157 B
                   1
                  1

                  DNS Request

                  72.32.126.40.in-addr.arpa

                • 8.8.8.8:53
                  108.211.229.192.in-addr.arpa
                  dns
                  74 B
                   145 B
                   1
                  1

                  DNS Request

                  108.211.229.192.in-addr.arpa

                • 8.8.8.8:53
                  2.136.104.51.in-addr.arpa
                  dns
                  71 B
                   157 B
                   1
                  1

                  DNS Request

                  2.136.104.51.in-addr.arpa

                • 8.8.8.8:53
                  158.240.127.40.in-addr.arpa
                  dns
                  73 B
                   147 B
                   1
                  1

                  DNS Request

                  158.240.127.40.in-addr.arpa

                • 8.8.8.8:53
                  137.0.85.104.in-addr.arpa
                  dns
                  71 B
                   135 B
                   1
                  1

                  DNS Request

                  137.0.85.104.in-addr.arpa

                • 8.8.8.8:53
                  78.121.18.2.in-addr.arpa
                  dns
                  70 B
                   133 B
                   1
                  1

                  DNS Request

                  78.121.18.2.in-addr.arpa

                • 8.8.8.8:53
                  50.23.12.20.in-addr.arpa
                  dns
                  70 B
                   156 B
                   1
                  1

                  DNS Request

                  50.23.12.20.in-addr.arpa

                • 8.8.8.8:53
                  56.126.166.20.in-addr.arpa
                  dns
                  72 B
                   158 B
                   1
                  1

                  DNS Request

                  56.126.166.20.in-addr.arpa

                • 8.8.8.8:53
                  1.208.79.178.in-addr.arpa
                  dns
                  71 B
                   116 B
                   1
                  1

                  DNS Request

                  1.208.79.178.in-addr.arpa

                • 8.8.8.8:53
                  2.77.109.52.in-addr.arpa
                  dns
                  70 B
                   144 B
                   1
                  1

                  DNS Request

                  2.77.109.52.in-addr.arpa

                • 8.8.8.8:53
                  90.16.208.104.in-addr.arpa
                  dns
                  72 B
                   146 B
                   1
                  1

                  DNS Request

                  90.16.208.104.in-addr.arpa

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                  Filesize

                  64KB

                  MD5

                  7430129f72ccb0b0e6c4fa7944174749

                  SHA1

                  df131ea8139ac44f6bb51ba716a08811796c5dda

                  SHA256

                  e92cc3e199cf591762336035cdbc8c383d4065fa7d0fb0fba49b1c37cddfd1f0

                  SHA512

                  45d0df666a6f93575d0a669199bf6b39d27b622d86950ee6034135febe5cc926cc5cfe78be6187338d30431464602bb94d2a819a89b0258c53c87cccec459847

                  Download Submit

                • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                  Filesize

                  64KB

                  MD5

                  edcfc0e426d93830b0e9d2166f095096

                  SHA1

                  858070a3c3204819110a07be81c09f6626307f65

                  SHA256

                  e9f218e0571e3ddd2b56aa3715ac23807d6ca892f5e80dcd9e4f51fc2061fb0c

                  SHA512

                  829a1098435bce02126225229feb2f3039d2516a52e38772474e4d614dfec33ee2ca687cde2ff039ac67ec6ac0556be8b581f1862f782ebd7e8552b43c0d53bd

                  Download Submit

                We care about your privacy.

                This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.