Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

Screenshot (42).pdf

windows7-x64

3

Screenshot (42).pdf

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14/10/2024, 16:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Screenshot (42).pdf

  • Size

    18KB

  • MD5

    ce07a5048fb23c861fda81ae59069bfc

  • SHA1

    1798b5b6af36225cdc8308d8cf60c6cd86ebfdf1

  • SHA256

    72a4bdd8cdab78f9bcc9b8b38e953fddb5d9047db5d004ea0782ae005aea61c1

  • SHA512

    77004737a0c0b4b15e2360af7d47007c1379dbd62d210875b3c0361500fce231f9cd07771acfda6ad8912251cdb06346155070eaa12bec7bde4a074a5d206e92

  • SSDEEP

    384:dcjOlC0rofWZW6i5P6gvpR16KCDYjLcgJJ1bQzCUSsIWxqyNn2ANrOqQUG9LTT0M:d0uWJJp6bG9JJFQzpIW8yT8j9Ln0M

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Screenshot (42).pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2056
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.readingquest.net/materials/blurbs-volume-1/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1484
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1484 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2752

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8aa07135cf45f80a4f4d382a2b850d31

    SHA1

    df4ec5fd65a51244f00a387c1a59ee9c150e88b3

    SHA256

    4c4b3c6398974ec0d4403aaa664e9a5f72e9e66978283a7b180134f8c6551522

    SHA512

    569950e9efedaa094776c1559ba778b62c42eb9af6d041cf29e3a280cd90e9ae2290dd17a24efa8f23d119666fbae805b33288a391c3d59f35ec22c0a9ed0566

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8975b12e02a4b0b9afdd4926625a08c7

    SHA1

    b7a81294dda8661352b8d2398ea86efbe7f2e295

    SHA256

    69c37a54a29e3f183a69c64f6060c9932dd694dd7bc1ed222c8fe2074d0af3ba

    SHA512

    afa0ad0d4272c58c3b2c8e23ce6a02766e683086abc506dae3df688ce74de15dad462b6e983a3a5a32221c4cdba07638cb241dadf423dbee724ec7879017169f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bce82ab010f623792ac12ee162582101

    SHA1

    67600a4485e0b679637655fbaa909549acb45336

    SHA256

    635bc0075323946a2d159f2efbaad4ef4715c9165e42599a44541516d97ae3a2

    SHA512

    97ae5ce93f29e2e32d71694d5cda4f36ad4c98d44a14000ec8253fa55a5136b5987305adc28c24ee23bf754fd2ed147889aca278b10e93e5825ae05a96477ee2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5bed9ca1f3b603409f4133f1629eb474

    SHA1

    2a4faf607b696652442d1ba9a2522770cfa561c9

    SHA256

    b8b452e764aedcd4e3ec8bf334cd8ffcfb7e9ad1d86413456ccc683315b19d8c

    SHA512

    b344e8d9d8d9a93ec732896bd349e753e073470c1dc91a769c3a196487f5016c322eff0308305dc2fbf850592792ece75185aae4f78a7776947f8b0160511b04

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aafadcba608785939bf5bc0349d4a92f

    SHA1

    8111525e925447f1da72ef77e11aeab5e05cdf9d

    SHA256

    e8ef431c99726673544d6aab653669a86f4f9c0632262c0cb27b70f801372755

    SHA512

    c96a7f8912cb9ae6a4a35f673cc9053df4a293e3b76fdf6d18540aba5f78d54a6550da03b25a65568b067b5a551dc7943886a9df25546fd18f07b902cdc8b45d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad299a9a86e8d86d138d89b26be3bb41

    SHA1

    f59870dc16e1daca2b510c19d730899cae8a69bf

    SHA256

    cecb9db264ac2413ac2eabffd1e4db3ad7659b7616d2682b4cd20f5c000e3a9d

    SHA512

    908044e4134e5d31d074aefeac690fe6e812544a1d20ec47f23767033028df61f15cd439079d18070569b396d5d751b601998dc9fee328ea2e16ebe171cc70c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad6072cedec7e483206d46a73c73e3be

    SHA1

    6b6d243c457bd748623470cb0d1a0927e73cf1a6

    SHA256

    594ff288251345cbc28d65a5e7ab482c435ed75a60e3f2a10b5d47907e2ae5c8

    SHA512

    b7ec229731fe35b3a45622f336af3b48984d645a6f372a62e33a15d046272c9d7d8981bfdf5ee5ba49bdda1263b17690b8102735b4a2355897eb83919f78c64e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    10f3adf613b1366a03a474a6e61896fa

    SHA1

    1dacdd047990f006db20ca08d1d63f782f97c026

    SHA256

    658b59d585da8ff87ef208528cdae159d867420a035fce071a431933fcd82d2a

    SHA512

    37aa3172b252e7a717b3d6ada48ed04c9d3418bd80ae07b149b54900caf84ad8ae727d7f39c6b86154c80eb08f5ef1c76567f015f34405213cd658742126106b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb16b5d6cba79cb42b65de194021f15f

    SHA1

    cadda7d645c257fc186a5ec7bab32c79bedef833

    SHA256

    bb2a4295cf8c9708230597b4456ba1c40b0a663b55b5381118ef1e1d9d94533a

    SHA512

    bbd14f49ffcb2f308445cd2ad7eb3ea936f0d6874d19870e242a61d6e4a199f8ce32d750d88f9e587f64834b9654d96d6e0fa106d070b0b4b184c21d930748ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c60a00090e4d3142c3a66dc4832f413f

    SHA1

    0a77782c55c754972f1f4d14496c4cc5afe8feb2

    SHA256

    939ac33e6e29d06ea5fe35210937d7a25cd4e802c0e06d50ceceacdedb7e274d

    SHA512

    17faed2d5dd80e876e0f3b1ee1e4b6bd72087053ffc65383d780ff4f8a5f37ccb2ae876a34375fef7d443430a30f953a11ba6ed282470832dbdb1ddf26833533

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    27cca98648fda273020574e594358114

    SHA1

    f943de1d1165eeade72a44486baf4eda8605f5f0

    SHA256

    dbdc127e802d4652a01376339c58f50dd5cc59681ee60aeae4e4004d78b21e23

    SHA512

    70a8998ce2b7a70cb661ae9c5ab7b5713ee389a27f88742eeb3c0f7915764f3e14f2ccc58a520809b097ddf1fb2b9003699937b17c46bfe7907dd6d49b90ebda

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4e0729a5bf19b2aa9b2046bdf0603e52

    SHA1

    2ebcbdfa743cfa4347dcf0b9efb8bbdd925b6998

    SHA256

    dc4fc40522d37e3189d89604ab3cd80c8db0dd3ad6a0fde2c1714d50a7668923

    SHA512

    cb292c95bcb8bc305ca28d68ca9afd46eba1d7238f650fde2effdd1d36d24882d7933202db2d4421f7ed2d384fd4e9d676b55771709be7de8b55ff428e0127fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a1092a8f3d7f6b56e0bd6c7f7ed9572c

    SHA1

    4511af053fe965e2b7367cc7413c26402dce0be8

    SHA256

    b80b2c9ee6872ba857017477c6cea99fa9df5e42a79406c76d8619bae07d1e8c

    SHA512

    31754bb1d253689006c02c7dad5f8ee0674e7bf41a1bd88c161a768d25a6c63dceaff0c0524b9d9781a1e3dbb508a19062097047cb3f452ece9b966eb6724868

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    485160413ce643a9d7397ec94f98dad9

    SHA1

    ce7b26c574c8fe854249ce338cfaa29ed976af83

    SHA256

    7da0066d0bd01cbb7829008dde63eb0a4eecf76023c21aad8c106475b27d0a77

    SHA512

    2f2d16ddb1be14b8d5eb4390f0cc2e75f1f536626b56f5c9cbf2e57cc9c60f1eebf697ad3287a62a95bdca69bd5780772c8a70015f89fffe48322eb3f42cede7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65877992c65f3b793cddbe9c95883580

    SHA1

    db1d032ea049d4badcbf57bbb850ed23d736b9fe

    SHA256

    cd042424847ee35120313d5fe8230406ecc0f7b304e3a4b65625ed7309f0e04c

    SHA512

    1f1b001d32bfb92d582758f185e573e4230caa9113f67d2c793279886911825bdaa08bdb521fed23e83fc4994d6f3f13fb42eb9016c027b3bf11d923ee9bc2d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c9436e82c2cff1df8b326421c978559

    SHA1

    097b4355cc61d9ef19c3594189c5bff2aea1e797

    SHA256

    be4737ad46cb5ddd8926b2dbc5c6e2ac2d7535f774786a15bc629906e4041637

    SHA512

    f77781df2f99bbce7985683a6aad3e463cda8fffaaac060f9bfe3ff26109cbf5d54f925be9cdbc3dcc688b9429b0135f3a4a170ad9909b9b86764054a140cc1e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56ef78df14b4976aa3f3ef14a61f4cf2

    SHA1

    4b129cf245dd853a23ec35d04a5480399fbba0bc

    SHA256

    cd3d6fa6e5a0baa5cf1a37085143b7acbe86661d2578c5f9e0c3ee985f8e71e1

    SHA512

    dab2a7ef936c6aa18e56a09415624e43e6412c4e75cf472b45689c9f39f758e15d7927fdfedcf877f3bd66f40fd0cbba024cf24750d65d3cfcb1bea22aedd2e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0112463c143d7d90c289fb88d3193f04

    SHA1

    f59f7985d7aa0e34732b2c6ef31443f5c5e83f5d

    SHA256

    093fda918ca69d4b5cdfc0dd5298ef6ffabb2c9d623239bd4185d689e1b02e51

    SHA512

    a32befc47f927f9520d260ff4f81ee961d2387940bb533a7816cc63d31784db0c9a21c819f790e37e6cf2707f517ada81711f5c1390a886c625ba8509688064d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab90.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF1.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    379011a53f091103c18dac86593b62ec

    SHA1

    f059b602c4392abc9035a83aec5090f59c841cd6

    SHA256

    03905a800e1960ed64d17c6f784d72447812c816e3ca1466e149097eb455411d

    SHA512

    b71d86d18565fdbe26e5abdff73162d74366584c07fc3888b21a38d84d4c6a32fd16b98aaa1351fc4cc48ed6132d775103fdc60b17d543ce223f0079a37ad0d7

    Download Submit