Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
95s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
18/08/2024, 12:41
Behavioral task
behavioral1
Sample
e893bd887a753625a2bc4601ce21e740N.pdf
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
e893bd887a753625a2bc4601ce21e740N.pdf
Resource
win10v2004-20240802-en
General
-
Target
e893bd887a753625a2bc4601ce21e740N.pdf
-
Size
142KB
-
MD5
e893bd887a753625a2bc4601ce21e740
-
SHA1
0bcc181a0956cdcfd82c5e23d9b2ebf5ea71378d
-
SHA256
7131f7cefdd2bd0ac7707808287d4281c489e6ef3892b37352dc55e1118cf48e
-
SHA512
e0e6cf08dc8b987daa43303b5f71a6f2006974e306722917266524086558ac606cad55fba471b2cc1214cdf6dddbbcf56bd5d4bbc7c957b80dafa511478cfe35
-
SSDEEP
3072:riDnOEi56CLq0PahjnvBmH7mvUjZmfkQ+ocV4OTCbJq:rYOEXIKjnvB+mFfknocVlus
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2120 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2120 AcroRd32.exe 2120 AcroRd32.exe 2120 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\e893bd887a753625a2bc4601ce21e740N.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2120
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD54605c06934215ba8fd893ad00689846a
SHA18fbd83fcae71680cd175072500877a6aaac6844a
SHA256f7dd937db5a485afa235910c3949ba6bc645937aa6fa81f8fe77a35509962080
SHA5128cb811d661d34f373ec02a6ec6adab93fde80307bf7fa09de0529f4321fed6a895da8ff73496155b23247b7030b6142c74140da27a7eb9985f2359d9d6e6372c