
Resubmissions

22/08/2024, 02:35

240822-c2575svalf 4

22/08/2024, 02:31

240822-czs5ssxgpn 5

Analysis

  • max time kernel
    137s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/08/2024, 02:31

General

  • Target

    PHISHING EMAIL SCAM ALERT - Midea 2024.pdf

  • Size

    389KB

  • MD5

    00cd3cf63c441547a5db94f99b53087a

  • SHA1

    e8f679f644a53773adedb049a7d5f6024b3b52c8

  • SHA256

    a1ab2444e344b62b37054748a0b1355f0c5e48bd710f2628ebaedcb178292970

  • SHA512

    b45dda676009257eb3f97ea3773fa3921869b7438e7aabee72bac236f3d6dfa2efc5cde5f0ecfb2a9c23576d2dd9304b5f0c16f3e32050b4c9309f05ed3036f2

  • SSDEEP

    12288:edMznsHW8PsYHZtcBJmRgl5h60xs+FGyG5rez:edQ2yJugZ6nF3sz

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
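As an added illustration (this editor's code, not Triage's signature engine) of how the two discovery signatures above can be expressed as detection logic, the block below runs over constructed registry-read records in the shape a user-mode sandbox hook would produce for this process tree. The registry paths are the ones these techniques commonly touch and are assumed here, not taken from the report; the ATT&CK ids are this editor's mapping.

```python
"""Toy re-implementation of the two discovery signatures, run over
constructed sandbox API-call records (not captured data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class RegRead:
    pid: int
    image: str
    key: str      # full registry path as a RegQueryValueEx hook would see it
    value: str    # value name queried


NLS_LANGUAGE = r"HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language"
CPU0 = r"HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0"

# Constructed sample for the four Reader processes in the report; the keys are
# assumed typical targets of these techniques, not the report's own IoCs.
SAMPLE_READS = [
    RegRead(5080, "AcroRd32.exe", NLS_LANGUAGE, "InstallLanguage"),
    RegRead(5080, "AcroRd32.exe", CPU0, "ProcessorNameString"),
    RegRead(5080, "AcroRd32.exe", CPU0, "~MHz"),
    RegRead(4252, "AdobeCollabSync.exe", NLS_LANGUAGE, "Default"),
    RegRead(4756, "AdobeCollabSync.exe", NLS_LANGUAGE, "Default"),
    RegRead(4236, "FullTrustNotifier.exe", NLS_LANGUAGE, "InstallLanguage"),
    RegRead(4756, "AdobeCollabSync.exe", r"HKCR\.pdf", ""),  # unrelated, must not match
]

# signature name -> (ATT&CK ids, predicate over the lower-cased key path)
SIGNATURES = {
    "System Location Discovery: System Language Discovery": (
        ("T1614.001",), lambda k: k.endswith(r"\control\nls\language")),
    "Checks processor information in registry": (
        ("T1012", "T1082"), lambda k: r"\hardware\description\system\centralprocessor" in k),
}


def match_signatures(reads):
    """Return {signature: [(pid, image, value), ...]} for every read that hits."""
    hits = {name: [] for name in SIGNATURES}
    for r in reads:
        key = r.key.lower()
        for name, (_, pred) in SIGNATURES.items():
            if pred(key):
                hits[name].append((r.pid, r.image, r.value))
    return hits


def ioc_counts(reads):
    """IoC count per signature, the figure the report shows next to each name."""
    return {name: len(v) for name, v in match_signatures(reads).items()}


def distinct_pids(reads, signature):
    """Which processes triggered a signature (useful for the per-process tags)."""
    return sorted({pid for pid, _, _ in match_signatures(reads)[signature]})


if __name__ == "__main__":
    for name, (ttps, _) in SIGNATURES.items():
        n = ioc_counts(SAMPLE_READS)[name]
        print(f"{name}: {len(ttps)} TTPs {n} IoCs, PIDs {distinct_pids(SAMPLE_READS, name)}")
```

Note that a read of these keys is not malicious on its own: every localised application resolves the UI language, and Reader reads processor details for its own feature gating. The signal is in who reads them and what follows, which is why the report scores this sample 3/10 despite the hits.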

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\PHISHING EMAIL SCAM ALERT - Midea 2024.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5080
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4252
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=4252
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:4756
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
          4⤵
          • System Location Discovery: System Language Discovery
          PID:4236
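An added triage check, written by this editor and not part of the Triage report, that encodes the reasoning behind the low score: every process descends from AcroRd32.exe, lives in the Reader install directory, and spawns nothing outside it. The process records are transcribed from the tree above with parent PIDs inferred from the depth markers; the LOLBin list and the counter-example tree are constructed.

```python
"""Audit a sandbox process tree for behaviour a PDF viewer should not show."""
import re
from dataclasses import dataclass
from typing import Optional

READER_DIR = r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader"


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]   # None for the root of the tree
    image: str
    cmdline: str


# Transcribed from the report; ppid follows the tree's depth markers.
REPORT_TREE = [
    Proc(5080, None, READER_DIR + r"\AcroRd32.exe",
         f'"{READER_DIR}\\AcroRd32.exe" "C:\\Users\\Admin\\AppData\\Local\\Temp\\PHISHING EMAIL SCAM ALERT - Midea 2024.pdf"'),
    Proc(4252, 5080, READER_DIR + r"\AdobeCollabSync.exe",
         f'"{READER_DIR}\\AdobeCollabSync.exe" -c'),
    Proc(4756, 4252, READER_DIR + r"\AdobeCollabSync.exe",
         f'"{READER_DIR}\\AdobeCollabSync.exe" -c --type=collab-renderer --proc=4252'),
    Proc(4236, 4756, READER_DIR + r"\FullTrustNotifier.exe",
         f'"{READER_DIR}\\FullTrustNotifier.exe" GetChannelUri'),
]

# Constructed counter-example (not from this report): the same tree plus a
# PowerShell child, which is what a weaponised PDF typically produces.
SUSPICIOUS_TREE = REPORT_TREE + [
    Proc(6100, 5080, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
         r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -c "Start-Process notepad"'),
]

# Children a document viewer has no business launching (assumed list).
LOLBINS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
           "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}


def argv0(cmdline):
    """First token of a Windows command line, with surrounding quotes removed."""
    m = re.match(r'"([^"]*)"|(\S+)', cmdline)
    return m.group(1) if m.group(1) is not None else m.group(2)


def audit_tree(procs):
    """Return [(pid, finding), ...]; an empty list means the tree is consistent
    with stock Reader behaviour."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        name = p.image.rsplit("\\", 1)[-1].lower()
        if p.ppid is not None and p.ppid not in by_pid:
            findings.append((p.pid, f"orphan: parent {p.ppid} not in tree"))
        if not p.image.lower().startswith(READER_DIR.lower() + "\\"):
            findings.append((p.pid, f"image outside Reader dir: {p.image}"))
        if name in LOLBINS:
            findings.append((p.pid, f"document viewer spawned {name}"))
        # Chromium-style helper processes name their parent; it must match.
        m = re.search(r"--proc=(\d+)", p.cmdline)
        if m and int(m.group(1)) != p.ppid:
            findings.append((p.pid, f"--proc={m.group(1)} but parent is {p.ppid}"))
        # argv[0] must be the image that actually ran (catches spoofed command lines).
        if argv0(p.cmdline).lower() != p.image.lower():
            findings.append((p.pid, f"argv[0] {argv0(p.cmdline)} != image {p.image}"))
    return findings


if __name__ == "__main__":
    print("report tree:", audit_tree(REPORT_TREE) or "no findings")
    for pid, finding in audit_tree(SUSPICIOUS_TREE):
        print(f"constructed tree: pid {pid}: {finding}")
```

The same checks are worth pairing with the dropped-file list further down: files written under the Reader profile's Synchronizer directory by the Reader tree are expected, whereas a write to a Startup folder or a Temp executable from this tree would be the finding that moves a score like this one off 3/10.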

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

    Filesize

    92KB

    MD5

    aebe0d2eb7a2077a55e57a955e62406a

    SHA1

    3f811b8148f12220f4b45699135e6d21c9847d8a

    SHA256

    87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

    SHA512

    efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

    Filesize

    92KB

    MD5

    51032fc84a3fbb07c19542cca5ef5f93

    SHA1

    4098874970defcc3ebb7afc9167935bc1dc27253

    SHA256

    57f3b5a3b709bf50224d325737d0ae2b12f43e6d7aa96453797a65d0764d5809

    SHA512

    e376008766e4019bcb7a25bde8ba3d0a7085f6879db8bff44c964a7e0cd158da954092049a5c948d6b046c6932e93c409ee8b570400aa1e22a662bd086544f6e

  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

    Filesize

    92KB

    MD5

    a6a2789b465bb5f04aa3a88fae707149

    SHA1

    722de82fdb0fef1d13c86f9136f01ad71c554f81

    SHA256

    75deaa3c6896d49b96517cfd7dc9344928bcf7ee43d179031c3a5145644920a2

    SHA512

    2b2e8bdc949131e9b5ff940a9434dc98f60f5597e1b3d656cb3f16107647c8548a0b6c1be58576ca5c3b5575f2ef2f4b03995f0a24a4b723437b9dc655f909aa

  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

    Filesize

    92KB

    MD5

    245950c48f668cf2fcb3c64778e64089

    SHA1

    3a5a14c820f58e35a3fc6f5de29669f0840587d8

    SHA256

    a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

    SHA512

    4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

    Filesize

    3.6MB

    MD5

    4761e9e5022ad59232d3ff1d6365fc28

    SHA1

    2fbb4de0513928aaf315dba85359cc2e475f90d3

    SHA256

    52089e103b099774a479dc435d5902b82c85a458522d9ea52657c3011405c58c

    SHA512

    3cc9497e99bf308b2f90ba2d45bb36f8b765fc184d457d06f63fcf0f4d74fc55d4a450878d1ca713fa6f9b70850e96c6b5fd3af9e84e3dde7e597f520b0d5f90