Analysis

  • max time kernel
    149s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/02/2024, 18:27 UTC

General

  • Target

    a9da6648ee0b68ff715e61213e624b36.pdf

  • Size

    37KB

  • MD5

    a9da6648ee0b68ff715e61213e624b36

  • SHA1

    2b35c5f1698e1b4e00e3c097d3056f2e35f631cd

  • SHA256

    5c43f4a211032f54e54abd4fd6b125a95595bdff336ff6bb1f21957134ef50bf

  • SHA512

    c879425709ee76993da109a15feaa6ff1716e92f81ef9b8c59f5bdb71e37a39bb80966073402fe486aecbdd3e67832df3ac6129d660f7856977b2731eab1b644

  • SSDEEP

    768:eCXk3IjQLOr/SLV/m0oqQ0HkILFMSD79w+9gou+RUlLutq+jG:bIxBm0hQOkILPwAgo5UwtbjG

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings (1 TTP, 1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a9da6648ee0b68ff715e61213e624b36.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1900
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2492
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=373165AA1F2B42AC1DA26D7586C536F7 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:4388
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3F59FA08DFFE375285D90543E66D9D41 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3F59FA08DFFE375285D90543E66D9D41 --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:4600
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2CB1B8A2CAF34E4AA0A589E0CCFD094A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2CB1B8A2CAF34E4AA0A589E0CCFD094A --renderer-client-id=4 --mojo-platform-channel-handle=2160 --allow-no-sandbox-job /prefetch:1
            3⤵
              PID:3676
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0B4C9536D5F8DCB7503918C8703EE671 --mojo-platform-channel-handle=2416 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              3⤵
                PID:2004
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D2F1D4389B8C7FBCE5C4099D6D84F94C --mojo-platform-channel-handle=2560 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:1516
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8D3F6FE44641BE6FC509C18CC6B1B31B --mojo-platform-channel-handle=2476 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:4200
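
Every signature hit above sits on AcroRd32.exe (PID 1900) or on the RdrCEF.exe helpers it spawns, which is the normal Chromium-style process model of Adobe Reader DC: one RdrCEF browser process under AcroRd32, with gpu-process and renderer children under it. The added example below (not part of the tria.ge report or of Adobe's software) rebuilds that tree from the PIDs and command lines shown, counts the RdrCEF roles, and flags any child that does not fit the model. REPORT_TREE is constructed from the entries above with command lines cut down to the relevant switches; MALICIOUS_TREE, EXPECTED_CHILDREN and LOLBINS are this example's own assumptions.

```python
# Added example (not from the tria.ge report or Adobe): triage a sandbox
# process tree against Adobe Reader's expected process model.
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field

ACRORD = r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
RDRCEF = r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"

# (depth, pid, command line) in report order, abbreviated to the switches that
# matter; depth n is a child of the nearest preceding depth n-1 row, as the
# 1/2/3 markers in the report tree.
REPORT_TREE = [
    (1, 1900, f'"{ACRORD}" "C:\\Users\\Admin\\AppData\\Local\\Temp\\a9da6648ee0b68ff715e61213e624b36.pdf"'),
    (2, 2492, f'"{RDRCEF}" --backgroundcolor=16514043'),
    (3, 4388, f'"{RDRCEF}" --type=gpu-process --use-gl=swiftshader-webgl --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2'),
    (3, 4600, f'"{RDRCEF}" --type=renderer --renderer-client-id=2 --allow-no-sandbox-job /prefetch:1'),
    (3, 3676, f'"{RDRCEF}" --type=renderer --renderer-client-id=4 --allow-no-sandbox-job /prefetch:1'),
    (3, 2004, f'"{RDRCEF}" --type=gpu-process --allow-no-sandbox-job /prefetch:2'),
    (3, 1516, f'"{RDRCEF}" --type=gpu-process --allow-no-sandbox-job /prefetch:2'),
    (3, 4200, f'"{RDRCEF}" --type=gpu-process --allow-no-sandbox-job /prefetch:2'),
]

# Hypothetical contrast case (constructed): the same Reader instance dropping
# to a shell, which is what a weaponised PDF would look like in this tree.
MALICIOUS_TREE = REPORT_TREE[:1] + [
    (2, 5120, 'cmd.exe /c powershell.exe -nop -w hidden'),
    (3, 5128, 'powershell.exe -nop -w hidden'),
]

# Parent -> children Reader DC legitimately spawns (assumption drawn from the
# tree above) and interpreters/LOLBins that would make the tree an incident.
EXPECTED_CHILDREN = {"acrord32": {"rdrcef", "acrord32"}, "rdrcef": {"rdrcef"}}
LOLBINS = {"cmd", "powershell", "pwsh", "wscript", "cscript", "mshta",
           "rundll32", "regsvr32", "certutil", "bitsadmin", "msiexec"}


@dataclass
class Proc:
    pid: int
    cmdline: str
    parent: Proc | None = None
    children: list[Proc] = field(default_factory=list)

    @property
    def stem(self) -> str:
        """Executable name without directory or .exe, lower-cased."""
        if self.cmdline.startswith('"'):
            exe = self.cmdline[1:self.cmdline.index('"', 1)]
        else:
            exe = self.cmdline.split(" ", 1)[0]
        name = exe.rsplit("\\", 1)[-1].lower()
        return name[:-4] if name.endswith(".exe") else name


def build_tree(rows: list[tuple[int, int, str]]) -> list[Proc]:
    """Link (depth, pid, cmdline) rows into parent/child Proc objects."""
    procs: list[Proc] = []
    stack: list[Proc] = []  # stack[d - 1] is the open ancestor at depth d
    for depth, pid, cmdline in rows:
        p = Proc(pid, cmdline)
        del stack[depth - 1:]
        if stack:
            p.parent = stack[-1]
            stack[-1].children.append(p)
        stack.append(p)
        procs.append(p)
    return procs


def triage(procs: list[Proc]) -> list[tuple[str, int, int, str]]:
    """(severity, parent pid, pid, image stem) for each child that does not fit
    the expected model; an empty list means the tree is Reader's own."""
    alerts = []
    for p in procs:
        if p.parent is None or p.stem in EXPECTED_CHILDREN.get(p.parent.stem, set()):
            continue
        alerts.append(("high" if p.stem in LOLBINS else "medium", p.parent.pid, p.pid, p.stem))
    return alerts


def cef_roles(procs: list[Proc]) -> dict[str, int]:
    """Count RdrCEF.exe helpers by Chromium role (--type=...); the helper with
    no --type switch is the CEF browser process that brokers the others."""
    roles: Counter[str] = Counter()
    for p in procs:
        if p.stem == "rdrcef":
            m = re.search(r"--type=(\S+)", p.cmdline)
            roles[m.group(1) if m else "browser"] += 1
    return dict(roles)


if __name__ == "__main__":
    tree = build_tree(REPORT_TREE)
    print("RdrCEF roles:", cef_roles(tree))
    print("alerts (report tree):", triage(tree))
    print("alerts (constructed tree):", triage(build_tree(MALICIOUS_TREE)))
```

On the report tree this yields one browser, four gpu-process and two renderer RdrCEF helpers and no alerts, which is the shape to expect from Reader opening any PDF; the constructed tree raises two high-severity alerts because cmd.exe and powershell.exe are not children Reader ever needs. The WriteProcessMemory and SetWindowsHookEx signatures are what a Chromium-based embedder produces while starting its helpers, so on their own they say nothing about the document; the parent/child check is the cheaper and more reliable discriminator.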

              Network

              • DNS (US) 133.32.126.40.in-addr.arpa via 8.8.8.8:53
                Request: 133.32.126.40.in-addr.arpa IN PTR
                Response: no PTR record
              • DNS (US) 9.228.82.20.in-addr.arpa via 8.8.8.8:53
                Request: 9.228.82.20.in-addr.arpa IN PTR
                Response: no PTR record
              • DNS (US) 195.178.17.96.in-addr.arpa via 8.8.8.8:53
                Request: 195.178.17.96.in-addr.arpa IN PTR
                Response: 195.178.17.96.in-addr.arpa IN PTR a96-17-178-195.deploy.static.akamaitechnologies.com
              • DNS (US) 26.35.223.20.in-addr.arpa via 8.8.8.8:53
                Request: 26.35.223.20.in-addr.arpa IN PTR
                Response: no PTR record
              • DNS (US) 167.109.18.2.in-addr.arpa via 8.8.8.8:53
                Request: 167.109.18.2.in-addr.arpa IN PTR
                Response: 167.109.18.2.in-addr.arpa IN PTR a2-18-109-167.deploy.static.akamaitechnologies.com
              • DNS (US) 57.110.18.2.in-addr.arpa via 8.8.8.8:53
                Request: 57.110.18.2.in-addr.arpa IN PTR
                Response: 57.110.18.2.in-addr.arpa IN PTR a2-18-110-57.deploy.static.akamaitechnologies.com
              • DNS (US) 132.4.17.2.in-addr.arpa via 8.8.8.8:53
                Request: 132.4.17.2.in-addr.arpa IN PTR
                Response: 132.4.17.2.in-addr.arpa IN PTR a2-17-4-132.deploy.static.akamaitechnologies.com
              • DNS (US) 51.134.221.88.in-addr.arpa via 8.8.8.8:53
                Request: 51.134.221.88.in-addr.arpa IN PTR
                Response: 51.134.221.88.in-addr.arpa IN PTR a88-221-134-51.deploy.static.akamaitechnologies.com
              • DNS (US) 157.123.68.40.in-addr.arpa via 8.8.8.8:53
                Request: 157.123.68.40.in-addr.arpa IN PTR
                Response: no PTR record
              • DNS (US) 56.126.166.20.in-addr.arpa via 8.8.8.8:53
                Request: 56.126.166.20.in-addr.arpa IN PTR
                Response: no PTR record
              • DNS (US) 0.205.248.87.in-addr.arpa via 8.8.8.8:53
                Request: 0.205.248.87.in-addr.arpa IN PTR
                Response: 0.205.248.87.in-addr.arpa IN PTR https-87-248-205-0.lgw.llnw.net
              • DNS (US) 201.178.17.96.in-addr.arpa via 8.8.8.8:53
                Request: 201.178.17.96.in-addr.arpa IN PTR
                Response: 201.178.17.96.in-addr.arpa IN PTR a96-17-178-201.deploy.static.akamaitechnologies.com
              • DNS (US) 14.227.111.52.in-addr.arpa via 8.8.8.8:53
                Request: 14.227.111.52.in-addr.arpa IN PTR
                Response: no PTR record
              • DNS (US) 181.178.17.96.in-addr.arpa via 8.8.8.8:53
                Request: 181.178.17.96.in-addr.arpa IN PTR
                Response: 181.178.17.96.in-addr.arpa IN PTR a96-17-178-181.deploy.static.akamaitechnologies.com
              Flows (remote address | domain | protocol | bytes sent / received | packets sent / received):
              • 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | dns | 72 B / 158 B | 1 / 1 | DNS request: 133.32.126.40.in-addr.arpa
              • 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | dns | 70 B / 156 B | 1 / 1 | DNS request: 9.228.82.20.in-addr.arpa
              • 8.8.8.8:53 | 195.178.17.96.in-addr.arpa | dns | 72 B / 137 B | 1 / 1 | DNS request: 195.178.17.96.in-addr.arpa
              • 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | dns | 71 B / 157 B | 1 / 1 | DNS request: 26.35.223.20.in-addr.arpa
              • 8.8.8.8:53 | 167.109.18.2.in-addr.arpa | dns | 71 B / 135 B | 1 / 1 | DNS request: 167.109.18.2.in-addr.arpa
              • 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | dns | 70 B / 133 B | 1 / 1 | DNS request: 57.110.18.2.in-addr.arpa
              • 8.8.8.8:53 | 132.4.17.2.in-addr.arpa | dns | 69 B / 131 B | 1 / 1 | DNS request: 132.4.17.2.in-addr.arpa
              • 8.8.8.8:53 | 51.134.221.88.in-addr.arpa | dns | 72 B / 137 B | 1 / 1 | DNS request: 51.134.221.88.in-addr.arpa
              • 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | dns | 72 B / 146 B | 1 / 1 | DNS request: 157.123.68.40.in-addr.arpa
              • 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | dns | 72 B / 158 B | 1 / 1 | DNS request: 56.126.166.20.in-addr.arpa
              • 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | dns | 71 B / 116 B | 1 / 1 | DNS request: 0.205.248.87.in-addr.arpa
              • 8.8.8.8:53 | 201.178.17.96.in-addr.arpa | dns | 72 B / 137 B | 1 / 1 | DNS request: 201.178.17.96.in-addr.arpa
              • 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | dns | 72 B / 158 B | 1 / 1 | DNS request: 14.227.111.52.in-addr.arpa
              • 8.8.8.8:53 | 181.178.17.96.in-addr.arpa | dns | 72 B / 137 B | 1 / 1 | DNS request: 181.178.17.96.in-addr.arpa
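
All recorded network activity is reverse (PTR) lookups against 8.8.8.8; eight of them resolve to generic CDN hostnames (Akamai's deploy.static.akamaitechnologies.com and one llnw.net name) and six return no PTR record. The added example below (not part of the tria.ge report) turns the queried in-addr.arpa names back into addresses, groups them by the operator named in the answer, and checks that each answer actually embeds the queried address. PTR_RECORDS is constructed from the entries above with the dots in the answers restored; OWNER_SUFFIXES (including reading llnw.net as Limelight Networks) and the IPv6 sample used in the usage note are this example's own assumptions.

```python
# Added example (not from the tria.ge report): rebuild addresses from PTR query
# names and group them by the operator the PTR answer names.
import ipaddress
import re
from collections import defaultdict

# (query name, PTR answer or None) copied from the report's DNS entries.
PTR_RECORDS = [
    ("133.32.126.40.in-addr.arpa", None),
    ("9.228.82.20.in-addr.arpa", None),
    ("195.178.17.96.in-addr.arpa", "a96-17-178-195.deploy.static.akamaitechnologies.com"),
    ("26.35.223.20.in-addr.arpa", None),
    ("167.109.18.2.in-addr.arpa", "a2-18-109-167.deploy.static.akamaitechnologies.com"),
    ("57.110.18.2.in-addr.arpa", "a2-18-110-57.deploy.static.akamaitechnologies.com"),
    ("132.4.17.2.in-addr.arpa", "a2-17-4-132.deploy.static.akamaitechnologies.com"),
    ("51.134.221.88.in-addr.arpa", "a88-221-134-51.deploy.static.akamaitechnologies.com"),
    ("157.123.68.40.in-addr.arpa", None),
    ("56.126.166.20.in-addr.arpa", None),
    ("0.205.248.87.in-addr.arpa", "https-87-248-205-0.lgw.llnw.net"),
    ("201.178.17.96.in-addr.arpa", "a96-17-178-201.deploy.static.akamaitechnologies.com"),
    ("14.227.111.52.in-addr.arpa", None),
    ("181.178.17.96.in-addr.arpa", "a96-17-178-181.deploy.static.akamaitechnologies.com"),
]

# PTR suffix -> operator label (assumption; llnw.net is Limelight Networks).
OWNER_SUFFIXES = [("akamaitechnologies.com", "Akamai"), ("llnw.net", "Limelight")]


def arpa_to_ip(name: str) -> str:
    """Convert a host-level reverse name (in-addr.arpa or ip6.arpa) to its
    address; the in-addr.arpa form is what the report shows, ip6.arpa is the
    nibble-reversed IPv6 equivalent handled the same way."""
    name = name.rstrip(".").lower()
    if name.endswith(".in-addr.arpa"):
        octets = name[: -len(".in-addr.arpa")].split(".")
        if len(octets) != 4:
            raise ValueError(f"not a host-level reverse name: {name}")
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    if name.endswith(".ip6.arpa"):
        nibbles = name[: -len(".ip6.arpa")].split(".")
        if len(nibbles) != 32:
            raise ValueError(f"not a host-level reverse name: {name}")
        return str(ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16)))
    raise ValueError(f"not a reverse name: {name}")


def roundtrip_ok(name: str) -> bool:
    """Cross-check: the standard library's reverse_pointer must rebuild the
    query name from the address we derived."""
    return ipaddress.ip_address(arpa_to_ip(name)).reverse_pointer == name.rstrip(".").lower()


def ptr_embeds_ip(ip: str, ptr: str) -> bool:
    """Generic CDN PTRs (a96-17-178-195..., https-87-248-205-0...) carry the
    address in their first label; a mismatch means the name is not the
    operator's auto-generated one and deserves a closer look."""
    nums = re.findall(r"\d+", ptr.split(".", 1)[0])
    return ".".join(nums) == ip


def classify(records):
    """Group queried addresses by the operator named in the PTR answer."""
    groups = defaultdict(list)
    for name, ptr in records:
        ip = arpa_to_ip(name)
        if ptr is None:
            owner = "no PTR"
        else:
            owner = next((o for suf, o in OWNER_SUFFIXES if ptr.endswith("." + suf)), "other")
            if not ptr_embeds_ip(ip, ptr):
                owner += " (PTR/IP mismatch)"
        groups[owner].append(ip)
    return dict(groups)


if __name__ == "__main__":
    for owner, ips in classify(PTR_RECORDS).items():
        print(f"{owner}: {', '.join(ips)}")
```

On the report's records this gives seven Akamai addresses, one Limelight address (87.248.205.0) and six with no PTR; every answer embeds its address, so none is flagged. The caveat a practitioner should keep in mind: a PTR record is published by whoever controls the address block, proves nothing about what the process sent to that address, and is trivially absent or misleading for attacker infrastructure. Treat the grouping as enrichment for the flow list, not as a verdict, and confirm with the forward lookup and the actual TCP/TLS connections before concluding that the traffic is CDN telemetry.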

              MITRE ATT&CK Enterprise v15

              Downloads

              • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                Filesize

                64KB

                MD5

                15061a6b8c1b19ae619fa3f472b469da

                SHA1

                e80197fd0baf6373b427a069e85dfac4b260275c

                SHA256

                239d14e59c9af3c61b6dfe8309503c22f1ad03c59d770d2c14aa650e63bae8fb

                SHA512

                1c91e8f18895c063d17325711b16be5740cf2b580d78c4b7dcf771089d1c7a738cdfd8ddf7b376ec83ac99b378690526e22e6e746bf225fb573e1295acc0b4dd

              • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                Filesize

                64KB

                MD5

                4427686cc2fa3845b1cc677521b8ff65

                SHA1

                0270f29420f5780bc701279ca1d78a557a6864bd

                SHA256

                334e711e087134a47748f78cb5b534e053a0de7844a6feacc767bd7751e18901

                SHA512

                e927302fbdec84b25277c95e6dfc55549af8fffb82eadc2416e7eb8ffda92cefeda2cea1d433c40e4d42ebd961eb333cd7076ca76a9f94783b7c830c22efd23a

              • memory/1900-29-0x000000000A3D0000-0x000000000A67B000-memory.dmp

                Filesize

                2.7MB
