Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 119s
- max time network: 16s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 07/08/2024, 12:12
Behavioral task: behavioral1
- Sample: be1578be4d5869618b46a649a10e69e0N.pdf
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: be1578be4d5869618b46a649a10e69e0N.pdf
- Resource: win10v2004-20240802-en
General
- Target: be1578be4d5869618b46a649a10e69e0N.pdf
- Size: 139KB
- MD5: be1578be4d5869618b46a649a10e69e0
- SHA1: ffa0710623bd0ad9f380f87b615f443b278827f5
- SHA256: a579ecc235cfa3bbd8dfe359cdcf2a56f04f0e88f16a9b43be98a6246c9059f5
- SHA512: 5e6f577ca563fad31bf1bc5896f273bd3669fbd0eeccf40f52c54e02e053319294793f32c091f68c0e517725565127f8b07d7793ff55a4113abfd6905ff55bd7
- SSDEEP: 3072:vJki56CLq0VahjnvBmH7m7yjZmfuQ+oizYjXGsG0h9LD6CjnI:v2XeKjnvB+mLfunoiL
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; Process: AcroRd32.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid: 2812; Process: AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid: 2812; Process: AcroRd32.exe
  pid: 2812; Process: AcroRd32.exe
  pid: 2812; Process: AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\be1578be4d5869618b46a649a10e69e0N.pdf"
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID: 2812
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 3KB
  MD5: df28f43f339659d9da88e834d41ac620
  SHA1: 2a664137159dba83b7577b3de55a81a10b0a2e94
  SHA256: 596b4ed43769fd4a725b9be54e93cceaa87f799878a03384eb57e3bb0f569ad7
  SHA512: 8709a91a295183ea5ae9d5ac92a86c41e50446daa88b1d85f94b2fe41ddb2ea22a4bf8c4a3dc57a5dd44fe6bb222efa1fcd3995f37644352ff6c247c9ee217e6