Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 20/08/2024, 09:52
Behavioral task: behavioral1
Sample: 9ec9bb475c1441b3cd084ffc7ffe41f0N.pdf
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 9ec9bb475c1441b3cd084ffc7ffe41f0N.pdf
Resource: win10v2004-20240802-en
General
Target: 9ec9bb475c1441b3cd084ffc7ffe41f0N.pdf
Size: 130KB
MD5: 9ec9bb475c1441b3cd084ffc7ffe41f0
SHA1: 46b06c0506e955e862532303af8106adabc81757
SHA256: 324e92476f3c740145e2e88565e461a49f471171366906bdebcd17ca0c620ef6
SHA512: ba391a90763f02359c18084609b065843ed0a8eeabb7f9c037b90a174fded9ede497c7f03f96196c35c955705c99a4d617cd32082ba771ec9c65f76cef9bbe6e
SSDEEP: 3072:ED2fQ2i56CLq0mahjnvBmH7mBjZmfdQ+odBVZ1v:C2fZXNKjnvB+mqfdnodD
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened | ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | process: AcroRd32.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid: 2416 | process: AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
pid: 2416 | process: AcroRd32.exe
pid: 2416 | process: AcroRd32.exe
pid: 2416 | process: AcroRd32.exe
Note: all three signatures fired inside the PDF's own viewer process (AcroRd32.exe, pid 2416). Reading the NLS\Language key for locale and installing window hooks are part of normal Reader GUI operation, and this report records no child process and no network activity, so these hits are low-confidence on their own and do not by themselves indicate exploitation.
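The three signatures above are produced by matching raw API events against simple rules. The block below is an added example of that matching logic, not tria.ge's signature engine: the event dict layout, the GetForegroundWindow "spam" threshold, the hook-type handling and the `only_in_host` triage heuristic are all assumptions; the events themselves are constructed to mirror the report's single process (pid 2416, AcroRd32.exe), and the T1614.001 mapping is the ATT&CK technique named by the first signature.

```python
from collections import Counter, defaultdict
from typing import Dict, Iterable, List

# Assumed threshold (not tria.ge's): GetForegroundWindow calls from one
# process before it is reported as "spam".
FOREGROUND_SPAM_THRESHOLD = 50

SIG_LANG = "System Location Discovery: System Language Discovery"
SIG_HOOK = "Suspicious use of SetWindowsHookEx"
SIG_FG = "Suspicious behavior: GetForegroundWindowSpam"

# The one signature the report ties to an ATT&CK technique.
ATTACK_IDS = {SIG_LANG: "T1614.001"}


def match_signatures(events: Iterable[dict]) -> Dict[str, List[str]]:
    """Return {signature name: [IoC, ...]} for every signature the events trigger.

    Each event is an assumed dict with pid, process, api and, for registry
    calls, key. Matching mirrors what the report shows: the NLS\\Language key
    open, each SetWindowsHookEx call, and a per-process GetForegroundWindow count.
    """
    hits: Dict[str, List[str]] = defaultdict(list)
    foreground: Counter = Counter()
    for ev in events:
        api, proc = ev["api"], f'{ev["pid"]} {ev["process"]}'
        if api.startswith("RegOpenKeyEx") and ev.get("key", "").upper().endswith(r"\NLS\LANGUAGE"):
            hits[SIG_LANG].append(f'Key opened {ev["key"]} {ev["process"]}')
        elif api.startswith("SetWindowsHookEx"):
            hits[SIG_HOOK].append(proc)          # one IoC per hook installed
        elif api == "GetForegroundWindow":
            foreground[proc] += 1                # counted, reported once per process
    for proc, n in foreground.items():
        if n >= FOREGROUND_SPAM_THRESHOLD:
            hits[SIG_FG].append(proc)
    return dict(hits)


def attack_techniques(hits: Dict[str, List[str]]) -> List[str]:
    """Sorted ATT&CK technique IDs for the signatures that fired."""
    return sorted({ATTACK_IDS[s] for s in hits if s in ATTACK_IDS})


def only_in_host(hits: Dict[str, List[str]], host: str) -> bool:
    """Assumed triage heuristic: True when every IoC names the document viewer itself.

    Reader reads NLS\\Language and installs hooks during normal use, so hits confined
    to the viewer process are weak evidence unless something else is spawned.
    """
    return all(ioc.endswith(host) for iocs in hits.values() for ioc in iocs)


# Constructed events modelled on the report's process; not sandbox output.
NLS_KEY = r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"
VIEWER = {"pid": 2416, "process": "AcroRd32.exe"}
SAMPLE_EVENTS = (
    [{**VIEWER, "api": "RegOpenKeyExW", "key": NLS_KEY}]
    + [{**VIEWER, "api": "RegOpenKeyExW",
        "key": r"\REGISTRY\MACHINE\SOFTWARE\Adobe\Acrobat Reader\9.0"}]  # benign, must not match
    + [{**VIEWER, "api": "SetWindowsHookExW"}] * 3
    + [{**VIEWER, "api": "GetForegroundWindow"}] * 60
)

if __name__ == "__main__":
    found = match_signatures(SAMPLE_EVENTS)
    for name, iocs in found.items():
        print(f"{name} ({len(iocs)} IoC{'s' if len(iocs) != 1 else ''})")
        for ioc in iocs:
            print("   ", ioc)
    print("ATT&CK:", attack_techniques(found))
    print("confined to viewer process:", only_in_host(found, "AcroRd32.exe"))
```

Run as-is it reproduces the report's three signatures (1, 3 and 1 IoCs) and the T1614.001 mapping; the second registry open shows the rule is keyed on the NLS\Language path rather than on any registry access, and `only_in_host` returns True here, which is the reason the hits deserve a low-confidence reading.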
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\9ec9bb475c1441b3cd084ffc7ffe41f0N.pdf"
PID: 2416
Signatures: System Location Discovery: System Language Discovery; Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: 82b1b115fde988b9c798664099e30bc9
SHA1: e649d742c368c24a9800e946c33898c9435472ba
SHA256: a4e70fa999e9ea5a891a1291e55e9b23bc741aa0f8a1f305add51129b1faa6e6
SHA512: 3f30ba1e556edd86a3b0ea751cc532c37a9fd047d9df0dffe4786bf74ecedcf731a5d71b357e6119f2440b834ebcb2e856eaf4b10d688eb7ff63a6f406b22f99