Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

NEAS.28062...JC.pdf

windows7-x64

1

NEAS.28062...JC.pdf

windows10-2004-x64

1

Analysis

  • max time kernel
    266s
  • max time network
    296s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2023, 18:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.280620c1c58d75b8efd81027b53b4930_JC.pdf

  • Size

    486KB

  • MD5

    280620c1c58d75b8efd81027b53b4930

  • SHA1

    57b38ff0ad4d1481d4696b3a08e396f08062bb4a

  • SHA256

    05d76a00dbe048b95fc221ff094e48339e43abce05a978a7d4914bf6a2391dd2

  • SHA512

    11567ffa6bc610e6d9b9229e2448197343cd5774c1b0c4b6cce14b3fa519f6c7d6fbb4b81d8a3b48e312b49727dfd0c442535747bdf6ab33070e8cedb9508b85

  • SSDEEP

    6144:hBSu7R8l3MQ50mDH0xIAMyPCm3LseeXbj2Xmn+aZs6JBFz5F39vUwmgWTZCz8gRT:fR810S0xIA2UkXm23ZsWBFz5Xegf+Py7

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\NEAS.280620c1c58d75b8efd81027b53b4930_JC.pdf"
    1⤵
    • Checks processor information in registry
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:4736

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads