Analysis
max time kernel: 150s
max time network: 125s
platform: windows7_x64
resource: win7-20231023-en
resource tags: arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
submitted: 23/10/2023, 21:24
Behavioral task
behavioral1
Sample
NEAS.ef2ffaae0e24a835aeb201dee49cbe20_JC.pdf
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.ef2ffaae0e24a835aeb201dee49cbe20_JC.pdf
Resource
win10v2004-20231023-en
General
Target: NEAS.ef2ffaae0e24a835aeb201dee49cbe20_JC.pdf
Size: 67KB
MD5: ef2ffaae0e24a835aeb201dee49cbe20
SHA1: dc73302580c2db105d9c8067f50a8792b2e52540
SHA256: 27ccb58f24a9c770287db25eaa00302f1488353800bfd735bf864e7ae5970566
SHA512: af4652bf40d1361301ae8d99287bfd407bfd3043ab068962f401b43f70490613a33ffd546b199f2d771469587743799b49eb2dffd861519b92424c8ba7cb0f3e
SSDEEP: 1536:0dqGVLo8u4ROtfLm9TnOXCgDF2222WxVRJZ4Ik:0dqGVkAAtyOyusxVRJLk
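Before relying on a report like this one, confirm that the file in hand is the file that was detonated. The Python below is an added example, not part of the tria.ge report or Hatching's tooling: it takes the digest lines from the General section as-is, recomputes MD5, SHA1, SHA256 and SHA512 over a local copy and compares all four. The PDF bytes in the block are a constructed stand-in (the analysed file is not on this page), so every comparison is expected to mismatch when run as written; point it at the real sample to get a useful answer. The parser accepts both "MD5 <hex>" and the label-fused "MD5<hex>" form that copied reports often carry, and uses the digest length (32, 40, 64 or 128 hex characters) to detect a label pasted onto the wrong value.

```python
import hashlib
import re

# The hex-digest length identifies the algorithm. That is what lets a report
# line whose label has been run into the value ("MD51ccc0133...") be split
# without guessing, and it also catches a label pasted onto the wrong digest.
DIGEST_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
ALGOS = ("md5", "sha1", "sha256", "sha512")
HASH_LINE = re.compile(r"\s*(MD5|SHA1|SHA256|SHA512):?\s*([0-9a-fA-F]+)\s*")

# Digest lines copied from the General section of this report (real values).
REPORT_LINES = [
    "MD5 ef2ffaae0e24a835aeb201dee49cbe20",
    "SHA1 dc73302580c2db105d9c8067f50a8792b2e52540",
    "SHA256 27ccb58f24a9c770287db25eaa00302f1488353800bfd735bf864e7ae5970566",
    "SHA512 af4652bf40d1361301ae8d99287bfd407bfd3043ab068962f401b43f70490613"
    "a33ffd546b199f2d771469587743799b49eb2dffd861519b92424c8ba7cb0f3e",
]

# Constructed stand-in for the sample bytes; the analysed PDF is not on this
# page, so every digest is expected to MISMATCH the report when run as-is.
CONSTRUCTED_SAMPLE = b"%PDF-1.4\n% constructed stand-in, not the analysed file\n%%EOF\n"


def parse_hash_line(line):
    """Return (algorithm, hexdigest) for one report line, or None for non-hash lines.

    Raises ValueError when the label and the digest length disagree.
    """
    m = HASH_LINE.fullmatch(line)
    if m is None:
        return None
    label, hexdigest = m.group(1).lower(), m.group(2).lower()
    if DIGEST_LEN.get(len(hexdigest)) != label:
        raise ValueError(f"{label.upper()} label on a {len(hexdigest)}-char digest: {line!r}")
    return label, hexdigest


def expected_hashes(lines):
    """Collect {algorithm: hexdigest} from the report's hash lines."""
    found = {}
    for line in lines:
        parsed = parse_hash_line(line)
        if parsed is not None:
            found[parsed[0]] = parsed[1]
    return found


def file_digests(data):
    """Compute every algorithm the report uses over the sample bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def verify_sample(data, lines):
    """Map each algorithm the report lists to whether the local bytes match it.

    Check all four: a match on one algorithm with a mismatch on another points
    at a copying error or a collision, not at the same file.
    """
    expected = expected_hashes(lines)
    actual = file_digests(data)
    return {algo: actual[algo] == digest for algo, digest in expected.items()}


if __name__ == "__main__":
    for algo, ok in verify_sample(CONSTRUCTED_SAMPLE, REPORT_LINES).items():
        print(f"{algo:7} {'match' if ok else 'MISMATCH'}")
```

To check a real copy, read the file in binary mode and pass its bytes to verify_sample in place of CONSTRUCTED_SAMPLE; the SSDEEP value needs a separate fuzzy-hash library and is deliberately left out.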
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid 2880, process AcroRd32.exe
Suspicious use of SetWindowsHookEx (4 IoCs)
pid 2880, process AcroRd32.exe (4 occurrences)
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\NEAS.ef2ffaae0e24a835aeb201dee49cbe20_JC.pdf"
PID: 2880
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: 1ccc0133a7b50016c874b35214e51eda
SHA1: 9f1b67fdc5fb2f86a34e0000527ba252f0967b7e
SHA256: 46dc87d6eacc482c559e34d5bd0a2b57a03504aa0f5878818e8ece840553bd1d
SHA512: 30e56923da314698f890031c83570f2a8421855a86cf8b74d32f56b3f0adbe660be90fe55ddb0727f438d690408e85a675c7ae2da67da6d5f72fd901b955f969