Analysis
- max time kernel: 118s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 03/09/2024, 07:10
Static task
- static1

Behavioral task
- behavioral1
- Sample: fd61f5b6df9f70487f9d144bb5b41210N.pdf
- Resource: win7-20240903-en

Behavioral task
- behavioral2
- Sample: fd61f5b6df9f70487f9d144bb5b41210N.pdf
- Resource: win10v2004-20240802-en
General
- Target: fd61f5b6df9f70487f9d144bb5b41210N.pdf
- Size: 212KB
- MD5: fd61f5b6df9f70487f9d144bb5b41210
- SHA1: 955d029b98a798bca61c3be376992be87098014f
- SHA256: 8fc6dc255651052c5d03b60479fa7f83a49c5168c5b0bca48864e7eacbde5775
- SHA512: 36bc9a53fc697f2782a536fbfe08b75e73acb79f08fedeab3e3b818e2df4274e48c59baee390ccb08dd4372e07c7bc97e835e7c02f4183210c3465ea19084019
- SSDEEP: 3072:KcLOIvmdygejLP2Gzq8wgJxa37s9rEzFB6WeJCaYaCma2DxxkxuqRd7m65:tS4gef+SqYa32raXeHZCmzxWuqRd95
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: AcroRd32.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid: 2588
  Process: AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid: 2588, Process: AcroRd32.exe
  pid: 2588, Process: AcroRd32.exe
  pid: 2588, Process: AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fd61f5b6df9f70487f9d144bb5b41210N.pdf"
  PID: 2588
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 3KB
- MD5: fa81e1d3e5d529fcf671ac52e608e9e6
- SHA1: c707e6868440874dc73912cc979692b75cfd62a8
- SHA256: 056c8d0844ee68036b5d09118abef2b8813bdc0c122dc84d0c77f2e102ef27f6
- SHA512: 1bf86fba6efe9d0006e30468436abf6389b26806ae7e1d3824b4bee642233ceac5aa6e470176456a9fa0d965eb63d6681463337f9aa3535d1f7df40620908065