Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/02/2024, 22:40 UTC

General

  • Target: aa56f5905aad4dbca538d281f6ad8096.pdf
  • Size: 82KB
  • MD5: aa56f5905aad4dbca538d281f6ad8096
  • SHA1: 2882ac071ebdce7b5d30a7c8115bdba0b0f0a389
  • SHA256: 4727d72ca0cf935a6893277a06c0eafceffb738205fddcd275f2b504e875b2db
  • SHA512: db36c97f876a5a55864b0e92f9d9122f68df95af0562bc13713c192eba59ced7830f6e1a95272f61b48598e7e76d6772805237588c03a847fc17306875e0fdff
  • SSDEEP: 1536:9+sUrj7BQzqxnh9p22kw1IZthLA74l6dIcsktdmQ/Igb8JpQNNH:x2jtQuph9LkGIr6o6mc5td/1bQpQD

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 2 IoCs)
    Processor information is often read in order to detect sandboxing environments.
  • Modifies Internet Explorer settings (1 TTP, 1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\aa56f5905aad4dbca538d281f6ad8096.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4584
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1072
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8CB9EE161D4FCFAC3722E9CF76BA0418 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:4232
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
           "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=330299B42C6D165C6346F47B63B54121 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=330299B42C6D165C6346F47B63B54121 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:1736
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B363CA5099BA63F0F44E1C2F86B25C4C --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
            3⤵
              PID:4992
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
               "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5490E69CB2F57C19C0E0C130497986A9 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5490E69CB2F57C19C0E0C130497986A9 --renderer-client-id=5 --mojo-platform-channel-handle=2444 --allow-no-sandbox-job /prefetch:1
              3⤵
                PID:4468
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A7E3260EC591E741C052692DD40DD7FF --mojo-platform-channel-handle=1924 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:4048
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1DB44AD621C849EF3E7D4B410F3642F3 --mojo-platform-channel-handle=2336 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:4612
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4860

Network

  • DNS 20.160.190.20.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 20.160.190.20.in-addr.arpa IN PTR
    Response: (no records recorded)
  • DNS 9.228.82.20.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 9.228.82.20.in-addr.arpa IN PTR
    Response: (no records recorded)
  • DNS 175.178.17.96.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 175.178.17.96.in-addr.arpa IN PTR
    Response: 175.178.17.96.in-addr.arpa IN PTR a96-17-178-175.deploy.static.akamaitechnologies.com
  • DNS 41.110.16.96.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 41.110.16.96.in-addr.arpa IN PTR
    Response: 41.110.16.96.in-addr.arpa IN PTR a96-16-110-41.deploy.static.akamaitechnologies.com
  • DNS 57.169.31.20.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 57.169.31.20.in-addr.arpa IN PTR
    Response: (no records recorded)
  • DNS 172.176.78.104.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 172.176.78.104.in-addr.arpa IN PTR
    Response: 172.176.78.104.in-addr.arpa IN PTR a104-78-176-172.deploy.static.akamaitechnologies.com
  • DNS 17.134.221.88.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 17.134.221.88.in-addr.arpa IN PTR
    Response: 17.134.221.88.in-addr.arpa IN PTR a88-221-134-17.deploy.static.akamaitechnologies.com
  • DNS 26.165.165.52.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 26.165.165.52.in-addr.arpa IN PTR
    Response: (no records recorded)
  • DNS 18.31.95.13.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 18.31.95.13.in-addr.arpa IN PTR
    Response: (no records recorded)
  • DNS 217.135.221.88.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 217.135.221.88.in-addr.arpa IN PTR
    Response: 217.135.221.88.in-addr.arpa IN PTR a88-221-135-217.deploy.static.akamaitechnologies.com
  • DNS 209.178.17.96.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 209.178.17.96.in-addr.arpa IN PTR
    Response: 209.178.17.96.in-addr.arpa IN PTR a96-17-178-209.deploy.static.akamaitechnologies.com
  • DNS 14.227.111.52.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 14.227.111.52.in-addr.arpa IN PTR
    Response: (no records recorded)
  • DNS 0.205.248.87.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 0.205.248.87.in-addr.arpa IN PTR
    Response: 0.205.248.87.in-addr.arpa IN PTR https-87-248-205-0.lgw.llnw.net
  • DNS 131.72.42.20.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 131.72.42.20.in-addr.arpa IN PTR
    Response: (no records recorded)
  Remote address   Domain                        Protocol   Sent   Received   Requests   Responses
  8.8.8.8:53       20.160.190.20.in-addr.arpa    dns        72 B   158 B      1          1
  8.8.8.8:53       9.228.82.20.in-addr.arpa      dns        70 B   156 B      1          1
  8.8.8.8:53       175.178.17.96.in-addr.arpa    dns        72 B   137 B      1          1
  8.8.8.8:53       41.110.16.96.in-addr.arpa     dns        71 B   135 B      1          1
  8.8.8.8:53       57.169.31.20.in-addr.arpa     dns        71 B   157 B      1          1
  8.8.8.8:53       172.176.78.104.in-addr.arpa   dns        73 B   139 B      1          1
  8.8.8.8:53       17.134.221.88.in-addr.arpa    dns        72 B   137 B      1          1
  8.8.8.8:53       26.165.165.52.in-addr.arpa    dns        72 B   146 B      1          1
  8.8.8.8:53       18.31.95.13.in-addr.arpa      dns        70 B   144 B      1          1
  8.8.8.8:53       217.135.221.88.in-addr.arpa   dns        73 B   139 B      1          1
  8.8.8.8:53       209.178.17.96.in-addr.arpa    dns        72 B   137 B      1          1
  8.8.8.8:53       14.227.111.52.in-addr.arpa    dns        72 B   158 B      1          1
  8.8.8.8:53       0.205.248.87.in-addr.arpa     dns        71 B   116 B      1          1
  8.8.8.8:53       131.72.42.20.in-addr.arpa     dns        71 B   157 B      1          1

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
    Filesize: 64KB
    MD5: 222ef039b7a2002a44dbeda7959487a8
    SHA1: 74e1b5646ed21dadce8311f5ccf8ebf2ecb3aa57
    SHA256: fa6a1d9962d5c8abd4ee0173318d90c86dfb4e10649c0c2cea613b38b7ca5bdf
    SHA512: 26dfba6900c02ff3f6e50c49ab363ffa0427dd0e533e3fa8ed9455bf534e182c60d90608d18574ffcbdfd7fc65021529f1228780b288510f213b946ee8498b5c
  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
    Filesize: 64KB
    MD5: 4e90599d63bdb312e16576cb894adf1f
    SHA1: 8dcb46d201f4d95b224d43bd30c3209118f6f0e5
    SHA256: abfdf848ab29bdba480a1dbb6530550d0c7949fd2a0066c8818ac29567078878
    SHA512: 79e2443a02dac92848dfca71835ddd52e9f345faa3747c3780177c5a325c7bc270341dbd43ae12ab0e46b3f702c8209a4ad187e3c0e7079459a8cbacee1334f4
