Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/07/2024, 14:14

General

  • Target

    BILL_EMAIL_211906_12491694_0.pdf

  • Size

    290KB

  • MD5

    391f7a444eae23fd3c458f78479bc5bd

  • SHA1

    aaaa07872c1610018a1cd1f70e7f1988ea66b7cf

  • SHA256

    d57235a53730049f734ccd88528bfdc2b99bb862deaff108932d0b2d2b0cdb5b

  • SHA512

    67d767430503667c71d335cd2413e0f23a5d9fd990b7ef18816f1217062c7cc49f1b74677dee55c545fefdb89f5dfcae16d0d431f9832ab949a0f6e7f9056ed7

  • SSDEEP

    6144:3yMP2LqMC4gKUpSudhdioKVhp5QXD8oM8FE9y9fpKLr:rwhgx5dhwoIZQXjM6E9OfpOr

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\BILL_EMAIL_211906_12491694_0.pdf"
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:616

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\Security\addressbook.acrodata

    Filesize

    5KB

    MD5

    4618312ec50b52c81043bb6ff393cfc3

    SHA1

    80537497d939529b34de993b14d96510068bf075

    SHA256

    e8e27396e2a043abd283eed4fd5b8fa256cc22e741defd522158fc9e29205839

    SHA512

    fc589a974f35ee83c297784c7d7cc62826854422ceec2d5ff46aa6575f5b2bade27d26c1dfc0686602c81e5c14f75f7abd23e6c19fd90a2dbe70e0f5c09251e9

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    d0b7999a603c3c37e5c9d77f1080d334

    SHA1

    bb58a734f9ca1c941731871357820c5174224a2a

    SHA256

    7c9c2733296f8cea4b2305d3aec4e635bb3e7d03416496f3cd446321d0bc15ef

    SHA512

    d814a0e74e1d99f6f16ec13f61307e35386a646900918195ab2b4fb0e4a8119c5e00f44169f11e4a53913154cbe50b02154f6bac2c01f5a29835b3b22aa3f491

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    302aabe75d2cc28453bb8d07f18c2eb1

    SHA1

    ddcb6838742f8b466d41a38f9b06b8bfc4448e9a

    SHA256

    745b883abd6d5ccda608b47734dc00a87b36ff6e2fa6f39797a9e5616017ade5

    SHA512

    5d2141b1bc5a44c8590f3b5e309122e1985567d2f21532e9a1321ad6f300e1b8e8272e972b7e71be5cc3b45046f4fcfe067c8a4d8821a0debfe39ac909e4162b

  • memory/616-0-0x0000000003430000-0x00000000034A6000-memory.dmp

    Filesize

    472KB