Analysis
max time kernel: 150s
max time network: 150s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 14/10/2023, 12:25
Behavioral task: behavioral1
Sample: NEAS.0ef91d1ab301580f0b0513cbf204e8c0_JC.pdf
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: NEAS.0ef91d1ab301580f0b0513cbf204e8c0_JC.pdf
Resource: win10v2004-20230915-en
General
Target: NEAS.0ef91d1ab301580f0b0513cbf204e8c0_JC.pdf
Size: 170KB
MD5: 0ef91d1ab301580f0b0513cbf204e8c0
SHA1: 3d6b0d1edd79eb6d0280bbe0076a5a87de7ef409
SHA256: bb04105926f54d0e7cbc396f53d4695c285858bcb93b9d79e190651951b5648a
SHA512: cfdd6f98f06809736d779e998b4df3edf696075f66b4e1be90191b1683b3a64fdf386de30794dcf72959a7c5cbe4c49a3087fcf67f8e247416ec2eaa25a82841
SSDEEP: 3072:l6Lu/AIThL2SFYLpTQ/EMY05rTeqo9AT8r2/v5oDgJgrXI1S9N9t:b1FYLpk/S05rE9AT8r2HSc2b9N9t
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid   Process
  2360  AcroRd32.exe
- Suspicious use of SetWindowsHookEx (4 IoCs)
  pid   Process
  2360  AcroRd32.exe
  2360  AcroRd32.exe
  2360  AcroRd32.exe
  2360  AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\NEAS.0ef91d1ab301580f0b0513cbf204e8c0_JC.pdf"
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID: 2360
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: b3c7c32d1fcaa804803e77c5c41650b6
SHA1: b6dfbb6ce3b4f822b40a749d9de2d9000520295f
SHA256: fc2fde2960202faf1a9f9f7fe8530eaa446e941a054c586a070c8e95b640d425
SHA512: ec2ce427917c5c52b93f0dbd7d1cf3dadeb96fcab13bd636359b39be547941a0395fba826d64157e316507968014120477e6a5f29ff6c973d4625170954c2a99