Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
155s -
max time network
165s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
31/12/2023, 03:36
General
-
Target
2697bf7852a168c255beae4d9dcfd81f.pdf
-
Size
35KB
-
MD5
2697bf7852a168c255beae4d9dcfd81f
-
SHA1
5b7d336d06e7f6dc55512c68bfebd18ed6a2e559
-
SHA256
934f8bee311c8f374fa108383e6f82666e09b921174ea86137d4418eb3f2158f
-
SHA512
96453f81f914e4c93a7f0ef4501133adbc61ba034b8dcbb491796ac074d28a1ea8b486ac0b79a910ae1759cd7c532c7d68e86f538b41982e94ddcd297d492272
-
SSDEEP
768:qeWyEHnegadLKsCinFEbXz1FPjsqMg7SobqZOCOzZ++Fllllr5DL9Fukg0:quEegadLyUFyj1tJMsS3OFFrtBwkg0
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2697bf7852a168c255beae4d9dcfd81f.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
-