Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
174s -
max time network
188s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
31/12/2023, 14:41
General
-
Target
3a21113c59a089c1d62dc26317f13933.pdf
-
Size
77KB
-
MD5
3a21113c59a089c1d62dc26317f13933
-
SHA1
9fd1f2f7943cb36f099fe10539f5f2bdca8a8594
-
SHA256
fc8d83548946c9a31634fe617e804abce8a6e55561881dfda7c37f291da5bc7a
-
SHA512
77e6c90ccf241d63600bea64824d4f74214a90fe883d8f9bdc327bf1eeb594664bbb40523c0b5461eb757e1c4d169d9c181fca8e9af96ed2a031dab1c3d9b977
-
SSDEEP
1536:W9QW2Kfah0hnIC7RV0egAhAJaGhGoJP8ET/ec+zvxF9WmpO+CWN3vBsvbDa0e0vN:NKgk6eg2EaAP8FFe+zKDDat0F
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3a21113c59a089c1d62dc26317f13933.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
-