Overview
Task (platform): score
overview: 7
static: 3
Installer(...up.exe (windows7-x64): 7
Installer(...up.exe (windows10-2004-x64): 7
Surveillan...em.msi (windows7-x64): 7
Surveillan...em.msi (windows10-2004-x64): 7
Surveillan...al.pdf (windows7-x64): 1
Surveillan...al.pdf (windows10-2004-x64): 1
Surveillan...up.exe (windows7-x64): 7
Surveillan...up.exe (windows10-2004-x64): 7
Analysis
- max time kernel: 161s
- max time network: 137s
- platform: windows7_x64
- resource: win7-20230831-en
- resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
- submitted: 08/10/2023, 01:13
Static task: static1
Behavioral task: behavioral1
Sample: Installer(1.5)_2005-09-27/setup.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: Installer(1.5)_2005-09-27/setup.exe
Resource: win10v2004-20230915-en
Behavioral task: behavioral3
Sample: Surveillance System(1.1.00052)_2005-09-28/Surveillance System.msi
Resource: win7-20230831-en
Behavioral task: behavioral4
Sample: Surveillance System(1.1.00052)_2005-09-28/Surveillance System.msi
Resource: win10v2004-20230915-en
Behavioral task: behavioral5
Sample: Surveillance System(1.1.00052)_2005-09-28/UserManual.pdf
Resource: win7-20230831-en
Behavioral task: behavioral6
Sample: Surveillance System(1.1.00052)_2005-09-28/UserManual.pdf
Resource: win10v2004-20230915-en
Behavioral task: behavioral7
Sample: Surveillance System(1.1.00052)_2005-09-28/setup.exe
Resource: win7-20230831-en
Behavioral task: behavioral8
Sample: Surveillance System(1.1.00052)_2005-09-28/setup.exe
Resource: win10v2004-20230915-en
General
- Target: Surveillance System(1.1.00052)_2005-09-28/UserManual.pdf
- Size: 5.4MB
- MD5: d2e96d7662bf3d7d85519ad36bf89682
- SHA1: 0c3d27e64bc54ddaac3f6d085ee62695165c02be
- SHA256: 78b998d4323ac2807cbd05349ec308a57ba7d8d50134e749c42e05319c33a31e
- SHA512: e591a073e0ae242723f3bf2e53666b942182d3de4e0a78c56b80f569cc7d3105a9a6f1d946dd6b5353cab855db63c78d0bfe084e8db6d90eea2335ce677a9e34
- SSDEEP: 98304:6aeSZ2L6rrrrrzvVGTFXgMjfTlj4NPxvgusP0fmdfu9W7FeoLsYAogm:6hs2mrrrrr+goBjgPV60fm1u9W7FeoAq
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid 2512, Process AcroRd32.exe
- Suspicious use of SetWindowsHookEx (4 IoCs)
  pid 2512, Process AcroRd32.exe
  pid 2512, Process AcroRd32.exe
  pid 2512, Process AcroRd32.exe
  pid 2512, Process AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Surveillance System(1.1.00052)_2005-09-28\UserManual.pdf"
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID: 2512
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
  MD5: caf84d6e4c9ab100077d71ad000bfc2e
  SHA1: 4f5f9972d65c9a715cee98640358bb96158c8368
  SHA256: fcffd93c5b2328e56fd15c1083cd0652999bce07aa39686cd778f0a366dcc076
  SHA512: 482c66ee36834ef4c6c0948cb3503a4fb5a272713aecf301296dd7f65921b87ee5064d98233ffb1ef6b6b3a9aa023dafc8a7dabae0c93cbc90a88eadec0ff884