Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
165s -
max time network
179s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
30/12/2023, 03:40
General
-
Target
0d3e62efe07ddf8faa362d95b7aa7b16.pdf
-
Size
84KB
-
MD5
0d3e62efe07ddf8faa362d95b7aa7b16
-
SHA1
9feb19b1003a11f4961184eed297d0fecf9db57f
-
SHA256
1dfc1d4d32a892dc761a993ebdd5616a8251d8fe5005c20735783569e2e7618b
-
SHA512
ce55346d3d5f790b5d6a624984e97dd33f4af0fa2ba7a7046e80d3f9053c56ea7bb8bd74bb4c66a01994043b8b78120fc652873313bc34b2c238b3b665f525a1
-
SSDEEP
1536:O2mmNsTOiBdvmw0pMHqqxE5GIUn5Tk8/2jkqN1abt7NJnO11WapOtQHWFYEd0gDG:crTOudvmwaMHqtGIUnlkQ2pNCt/O1qtU
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\0d3e62efe07ddf8faa362d95b7aa7b16.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
-