Analysis
- max time kernel: 118s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 28/03/2024, 16:13
Behavioral task: behavioral1
- Sample: Internal Careers Portal - Login Instructions - 10-19-2023.pdf
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: Internal Careers Portal - Login Instructions - 10-19-2023.pdf
- Resource: win10v2004-20240226-en
General
- Target: Internal Careers Portal - Login Instructions - 10-19-2023.pdf
- Size: 1.2MB
- MD5: 246dc90c02e4c1466e426b5d109105b0
- SHA1: 028da9c72393edb6e000ed411e2eb4ceeecddc22
- SHA256: 45e99d663800f43de37234ab8f18366aedd28ebe35cd0c5909c6dbb26caa8465
- SHA512: 11c86678e630c38132fc1b5bd4da529457be8a9ed3c31ab45ff595ddfac099e9b8cd8c5ae9adada1f5e5cc6d51dd7be73d7abfb1610d494f903881144d7dc06b
- SSDEEP: 24576:RNoIeec/BmkPT/Lr3AKiExp77e1AWC7f/vN4nX/m59rPV9XXlpGXKLf5a:GsQT3hxp77jjXvuX/W9rPvlha
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid 1256, process AcroRd32.exe
- Suspicious use of SetWindowsHookEx (4 IoCs)
  pid 1256, process AcroRd32.exe
  pid 1256, process AcroRd32.exe
  pid 1256, process AcroRd32.exe
  pid 1256, process AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Internal Careers Portal - Login Instructions - 10-19-2023.pdf"
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID: 1256
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
  MD5: 7f398e4377320b7c6ce42493942e603b
  SHA1: f4b4b17645d45f18ec59d41d0e5ef13a231776fd
  SHA256: 430d9345b52c689fd81ad52a539352e52db5e4cad01265916f6f813b4e5bdd90
  SHA512: 911c0132b268e90af801abb9c20eaf1d05deb63b0242452e81ba7e1fab1177e23fce362a64d66c1a7b4bb3ad2796d9988a4c05c73924793a0033b06cfba89af1