Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
166s -
max time network
178s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
10/01/2024, 10:14
Behavioral task
behavioral1
Sample
50495452d084e6a568be287c82ee4be1.pdf
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
50495452d084e6a568be287c82ee4be1.pdf
Resource
win10v2004-20231215-en
General
-
Target
50495452d084e6a568be287c82ee4be1.pdf
-
Size
89KB
-
MD5
50495452d084e6a568be287c82ee4be1
-
SHA1
96c45a2f6b337d703fd92f726121441d3ff7d47d
-
SHA256
2cf9474263aa884a6a3a21a555d48bcd5f0a6239ae60a4aff2f5176c295ff8f0
-
SHA512
c11933e673d4c3ab04a5b6a2f1b54e8ae44088d1d2638bf646332eea4942c4726b12e2b51c55095db98cc49748f60a30adea16e741f5b9fba0b6f05a4b313094
-
SSDEEP
1536:Z5PvSZVZLMY2j7ZwCTAaEsI8C1dGAkm0sdvlO9GlsuiGl82tWt6zwJmy+AHmW8p1:jvSZVBB8wCTAaJGdGr9qvl1OQlEAy+oM
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 4868 AcroRd32.exe 4868 AcroRd32.exe 4868 AcroRd32.exe 4868 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\50495452d084e6a568be287c82ee4be1.pdf"1⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:4868