Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

testdisk-7...MI.exe

windows7-x64

testdisk-7...MI.exe

windows10-2004-x64

testdisk-7...n.html

windows7-x64

3

testdisk-7...n.html

windows10-2004-x64

3

testdisk-7...fy.exe

windows7-x64

testdisk-7...fy.exe

windows10-2004-x64

testdisk-7...ec.exe

windows7-x64

testdisk-7...ec.exe

windows10-2004-x64

testdisk-7...sk.exe

windows7-x64

testdisk-7...sk.exe

windows10-2004-x64

testdisk-7...sk.pdf

windows7-x64

3

testdisk-7...sk.pdf

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    27/07/2024, 14:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    testdisk-7.1/testdisk.pdf

  • Size

    239KB

  • MD5

    ba1b8ffd3f6c3fe555e5c47f79d49481

  • SHA1

    d0586493c5e47a025dd022e1d96eefaf3f94343d

  • SHA256

    6f0a85b660e5ebb4ac2f86fbf4dfce98ccaefa481899dbb9b0fdbccb83553000

  • SHA512

    a2770fa91e2a4c788a8f4d2d2d5db38cd5a033fe0858f0956660a663f8ada1a99890c2572d6676714f8e77f455df0a86384570ea23e4af1b758dea5b9dd5135f

  • SSDEEP

    6144:COEzE1MHyzJ08KGHlDL2u+gHlZBh7S4Gr4AAinFA3sOLkV:CE1pzO8KFuHb7S4/XoFfnV

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\testdisk-7.1\testdisk.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2988

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    f7faead2ffe86118624aeb3a5bdaa5ab

    SHA1

    cec9fea7d43f0be2146bfa712f9c2bc6ceff150a

    SHA256

    c3d2756450b536fc62ae74443ef831ff93813a56809a3e07c8b99c758c0d497d

    SHA512

    e505b6182204ae697de41da82360494ae78f45a7de251c9c35c624d3f8067f5dd0fd0d11a5016074b77b99a2073e96b9289b8f86e18d1edc46b52d7adf00d37b

    Download Submit