Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
3Static
static
3A3-Antista...ND.pdf
windows7-x64
3A3-Antista...ND.pdf
windows10-2004-x64
3A3-Antista...ng.vbs
windows7-x64
1A3-Antista...ng.vbs
windows10-2004-x64
1A3-Antista...er.exe
windows7-x64
3A3-Antista...er.exe
windows10-2004-x64
3A3-Antista...on.ps1
windows7-x64
3A3-Antista...on.ps1
windows10-2004-x64
3A3-Antista...ild.js
windows7-x64
3A3-Antista...ild.js
windows10-2004-x64
3A3-Antista...ns.ps1
windows7-x64
3A3-Antista...ns.ps1
windows10-2004-x64
3A3-Antista...tt.exe
windows7-x64
1A3-Antista...tt.exe
windows10-2004-x64
3A3-Antista...es.exe
windows7-x64
1A3-Antista...es.exe
windows10-2004-x64
3A3-Antista...ey.exe
windows7-x64
1A3-Antista...ey.exe
windows10-2004-x64
3A3-Antista...le.exe
windows7-x64
1A3-Antista...le.exe
windows10-2004-x64
3A3-Antista...on.dll
windows7-x64
3A3-Antista...on.dll
windows10-2004-x64
3A3-Antista...ds.dll
windows7-x64
1A3-Antista...ds.dll
windows10-2004-x64
1A3-Antista...gr.dll
windows7-x64
1A3-Antista...gr.dll
windows10-2004-x64
1A3-Antista...et.dll
windows7-x64
1A3-Antista...et.dll
windows10-2004-x64
1A3-Antista...ut.bat
windows7-x64
1A3-Antista...ut.bat
windows10-2004-x64
1A3-Antista...put.py
windows7-x64
3A3-Antista...put.py
windows10-2004-x64
3Analysis
-
max time kernel
95s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system -
submitted
02/08/2024, 20:23
Static task
static1
Behavioral task
behavioral1
Sample
A3-Antistasi-Ultimate-stable/A3A/addons/garage/APL-ND.pdf
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
A3-Antistasi-Ultimate-stable/A3A/addons/garage/APL-ND.pdf
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
A3-Antistasi-Ultimate-stable/A3A/addons/hals/Addons/core/functions/numbers/fn_numberToString.vbs
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
A3-Antistasi-Ultimate-stable/A3A/addons/hals/Addons/core/functions/numbers/fn_numberToString.vbs
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
A3-Antistasi-Ultimate-stable/AntistasiBuilder.exe
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
A3-Antistasi-Ultimate-stable/AntistasiBuilder.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
A3-Antistasi-Ultimate-stable/CopyMission.ps1
Resource
win7-20240705-en
Behavioral task
behavioral8
Sample
A3-Antistasi-Ultimate-stable/CopyMission.ps1
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
A3-Antistasi-Ultimate-stable/How to build.js
Resource
win7-20240729-en
Behavioral task
behavioral10
Sample
A3-Antistasi-Ultimate-stable/How to build.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
A3-Antistasi-Ultimate-stable/Tools/Builder/buildAddons.ps1
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
A3-Antistasi-Ultimate-stable/Tools/Builder/buildAddons.ps1
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
A3-Antistasi-Ultimate-stable/Tools/Builder/hemtt.exe
Resource
win7-20240705-en
Behavioral task
behavioral14
Sample
A3-Antistasi-Ultimate-stable/Tools/Builder/hemtt.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
A3-Antistasi-Ultimate-stable/Tools/DSSignFile/DSCheckSignatures.exe
Resource
win7-20240708-en
Behavioral task
behavioral16
Sample
A3-Antistasi-Ultimate-stable/Tools/DSSignFile/DSCheckSignatures.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
A3-Antistasi-Ultimate-stable/Tools/DSSignFile/DSCreateKey.exe
Resource
win7-20240708-en
Behavioral task
behavioral18
Sample
A3-Antistasi-Ultimate-stable/Tools/DSSignFile/DSCreateKey.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
A3-Antistasi-Ultimate-stable/Tools/DSSignFile/DSSignFile.exe
Resource
win7-20240708-en
Behavioral task
behavioral20
Sample
A3-Antistasi-Ultimate-stable/Tools/DSSignFile/DSSignFile.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
A3-Antistasi-Ultimate-stable/Tools/DSSignFile/LibCommon.dll
Resource
win7-20240704-en
Behavioral task
behavioral22
Sample
A3-Antistasi-Ultimate-stable/Tools/DSSignFile/LibCommon.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
A3-Antistasi-Ultimate-stable/Tools/DSSignFile/NativeMethods.dll
Resource
win7-20240704-en
Behavioral task
behavioral24
Sample
A3-Antistasi-Ultimate-stable/Tools/DSSignFile/NativeMethods.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
A3-Antistasi-Ultimate-stable/Tools/DSSignFile/licenseMgr.dll
Resource
win7-20240705-en
Behavioral task
behavioral26
Sample
A3-Antistasi-Ultimate-stable/Tools/DSSignFile/licenseMgr.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
A3-Antistasi-Ultimate-stable/Tools/DSSignFile/log4net.dll
Resource
win7-20240729-en
Behavioral task
behavioral28
Sample
A3-Antistasi-Ultimate-stable/Tools/DSSignFile/log4net.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
A3-Antistasi-Ultimate-stable/Tools/TownGenerator/input.bat
Resource
win7-20240705-en
Behavioral task
behavioral30
Sample
A3-Antistasi-Ultimate-stable/Tools/TownGenerator/input.bat
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
A3-Antistasi-Ultimate-stable/Tools/TownGenerator/input.py
Resource
win7-20240708-en
Behavioral task
behavioral32
Sample
A3-Antistasi-Ultimate-stable/Tools/TownGenerator/input.py
Resource
win10v2004-20240802-en
General
-
Target
A3-Antistasi-Ultimate-stable/A3A/addons/garage/APL-ND.pdf
-
Size
157KB
-
MD5
cf8865174d56216378035a757f40ade6
-
SHA1
5550bccff5d42e8e4424e14633dffcfba02b25c2
-
SHA256
5deddaeae17ad2a1c0a370f999059d63242be94435cc16324010daf57e380e7e
-
SHA512
79cba88383a9235384f560d95741195f06aea5ff34c4a359d31eea677f08471f72e5dd2d59f8b9823b9985497f5bd1888f60cd1880ec87299519649ad7bf4a1a
-
SSDEEP
3072:ZRAZJZYosc71JDwx+2etsuGX7elUhFFTVg2OGk9GtIM3pkTsgUyPb:ZRAZJZp5P8xXetsdCahPvTk9DW2jPb
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 712 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 712 AcroRd32.exe 712 AcroRd32.exe 712 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\A3-Antistasi-Ultimate-stable\A3A\addons\garage\APL-ND.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:712
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD53c19fedeadd0916438c1ffc9f2407edc
SHA18a02c46a2073fa55b40a1a6777aecbc3ac0be12c
SHA25626711ff1f5a2d2fd75883cdbd19ebdaeaaf00ef8fa061b17ba57bb2820ba0133
SHA512fa8c9bc4fb3e50747172232fe223f82f4e7fa7d69cf3aa440ad8807f0645e1b0aea887bb822c95b506c0451b66d6592c0c2fa83411c6fc06b3a171b0b51a16a8