Analysis
max time kernel
1555s
max time network
1557s
platform
windows7_x64
resource
win7-20240903-en
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
submitted
07/09/2024, 12:14
Behavioral task
behavioral1
Sample
APznzaaDiXlPu9Jcxz7BGxxaH6Mjl96snmrkEKhgHtU4ZP-2L601tTF1SiLxUplMfVwAGPUBVue9GYKliPkm3tn-Zunz9F5clEyT.pdf
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
APznzaaDiXlPu9Jcxz7BGxxaH6Mjl96snmrkEKhgHtU4ZP-2L601tTF1SiLxUplMfVwAGPUBVue9GYKliPkm3tn-Zunz9F5clEyT.pdf
Resource
win10v2004-20240802-en
General
Target
APznzaaDiXlPu9Jcxz7BGxxaH6Mjl96snmrkEKhgHtU4ZP-2L601tTF1SiLxUplMfVwAGPUBVue9GYKliPkm3tn-Zunz9F5clEyT.pdf
Size
1.5MB
MD5
fc86a9dca984383e9e5708b6cbb50d5b
SHA1
99556e78581ae74dbbaa299b12b46e9cee9cacf7
SHA256
54f91a5d09fef7ee24fa252f56169b33c2c5c56f498698a7a63ee6698d4d2257
SHA512
6c3b5e3cdd7129d038abc166de5d3f2e8a6e04e68a976107f0c68c7f7af23d65300e8a597faf47ba6c399e22f01623a138816f1cd731d23b5abb6946b7aac049
SSDEEP
24576:KktvOB+8m7DnpNPyXYMZgsSdZUvEP8SP+zRv420+zouyzeMILskH7hCAD:M+zyXPk8vp0Qm2Heu7hX
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid: 2256, Process: AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid: 2256, Process: AcroRd32.exe (3 entries)
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\APznzaaDiXlPu9Jcxz7BGxxaH6Mjl96snmrkEKhgHtU4ZP-2L601tTF1SiLxUplMfVwAGPUBVue9GYKliPkm3tn-Zunz9F5clEyT.pdf"
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2256
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize
3KB
MD5
df1e14eb256948b114922dcfb77ab42f
SHA1
bfd0d490d2848e76d78df55e52fe00daa91ed46f
SHA256
3f40c73295413e66cfc2088d6f725c16c2da408bc37fc6a45e4df1130c9a8902
SHA512
b65af4b944494ae5cf8e9c5ad6794b2ea12b8563d12ce3eafd33dfc7982d3b2cd8674b53c99315f4b95f356eabee37b45263083cc0094b8669ef0a82b280c8cf