Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags
arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted
15/10/2024, 02:19
Static task
static1
Behavioral task
behavioral1
Sample
001.赤湾停车场钢连桥-连桥柱锚栓(一~五区)-加工图0版-20240905(只加工22个��.xlsx
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
001.赤湾停车场钢连桥-连桥柱锚栓(一~五区)-加工图0版-20240905(只加工22个��.xlsx
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
001.赤湾停车场钢连桥-连桥柱锚栓(一~五区)-加工图0版-20240905(只加工22个��.pdf
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
001.赤湾停车场钢连桥-连桥柱锚栓(一~五区)-加工图0版-20240905(只加工22个��.pdf
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
001.赤湾停车场钢连桥-连桥柱锚栓(一~五区)-加工图0版-20240905(只加工22个��.pdf
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
001.赤湾停车场钢连桥-连桥柱锚栓(一~五区)-加工图0版-20240905(只加工22个��.pdf
Resource
win10v2004-20241007-en
General
Target
001.赤湾停车场钢连桥-连桥柱锚栓(一~五区)-加工图0版-20240905(只加工22个��.pdf
Size
1.5MB
MD5
a7dbca4bc8f3941f68ea4dcbf1ac04aa
SHA1
3885ee56f1cbc5582a50694bfde1829add60cc3f
SHA256
109289012bf60a40cbec685ce09196b49184482db20c61e7472adc042ecf7d12
SHA512
7940de6af283a35d3cf75045b9993f25f5570d22ecf079b4aeb2ae6ebb021fd46380ab5fa733decff3c8d4925bed1c26248f5bdcad572a2f67405503121bd4b2
SSDEEP
24576:KLZAB4H8tBJAo7wdcDXPrmna5M548ladazhkltQIegBwcgBC+Sz6kNEpgQ4O2MK:6BMBy7dcbKSM5La8zhkv/e0gBC+SmkNV
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Description | IoC | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | AcroRd32.exe
The only process in this trace is the Adobe Reader viewer that the sandbox launched on the PDF, and reading the NLS\Language key is a normal locale lookup for Windows applications, so this hit on its own is weak evidence that the document is malicious.
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
PID | Process
1796 | AcroRd32.exe
Suspicious use of SetWindowsHookEx 3 IoCs
PID | Process
1796 | AcroRd32.exe
1796 | AcroRd32.exe
1796 | AcroRd32.exe
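The three signatures listed above are simple enough to re-implement over a sandbox trace. The Python below is an added example and is not tria.ge's signature engine: it runs three small detectors over a constructed trace of registry-open and API-call events shaped like this report (pid 1796 AcroRd32.exe, plus a second benign process that must not fire). The event tuple layout, the second process, and the 100-call threshold for GetForegroundWindowSpam are assumptions of the example; the ATT&CK mapping T1614.001 for System Language Discovery is the public one.

```python
import re
from collections import Counter

# Constructed sandbox-style trace, not taken from the report:
# (pid, process name, event kind, detail)
SAMPLE_EVENTS = (
    [(1796, "AcroRd32.exe", "reg_open",
      r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language")]
    + [(1796, "AcroRd32.exe", "api", "SetWindowsHookEx")] * 3
    + [(1796, "AcroRd32.exe", "api", "GetForegroundWindow")] * 150
    # A second, assumed-benign process: a handful of foreground-window calls
    # and an unrelated key open, neither of which should trigger anything.
    + [(2200, "notepad.exe", "api", "GetForegroundWindow")] * 5
    + [(2200, "notepad.exe", "reg_open",
        r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run")]
)

# HKLM\SYSTEM\<ControlSetNNN | CurrentControlSet>\Control\NLS\Language, any case.
NLS_LANGUAGE_KEY = re.compile(
    r"^\\REGISTRY\\MACHINE\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})"
    r"\\Control\\NLS\\Language$",
    re.IGNORECASE,
)

# Assumed cut-off for the "spam" heuristic; the real engine's threshold is not published here.
FOREGROUND_WINDOW_SPAM_THRESHOLD = 100


def system_language_discovery(events):
    """T1614.001: one IoC per open of the NLS\\Language key, attributed to the opening process."""
    return [
        {"description": "Key opened", "ioc": detail, "process": proc, "pid": pid,
         "ttp": "T1614.001"}
        for pid, proc, kind, detail in events
        if kind == "reg_open" and NLS_LANGUAGE_KEY.match(detail)
    ]


def get_foreground_window_spam(events, threshold=FOREGROUND_WINDOW_SPAM_THRESHOLD):
    """One IoC per process whose GetForegroundWindow call count reaches the threshold."""
    counts = Counter(
        (pid, proc) for pid, proc, kind, detail in events
        if kind == "api" and detail == "GetForegroundWindow"
    )
    return [
        {"pid": pid, "process": proc, "calls": n}
        for (pid, proc), n in counts.items() if n >= threshold
    ]


def set_windows_hook_ex(events):
    """One IoC per SetWindowsHookEx call, which is why the report lists three rows for pid 1796."""
    return [
        {"pid": pid, "process": proc}
        for pid, proc, kind, detail in events
        if kind == "api" and detail == "SetWindowsHookEx"
    ]


SIGNATURES = {
    "System Location Discovery: System Language Discovery": system_language_discovery,
    "Suspicious behavior: GetForegroundWindowSpam": get_foreground_window_spam,
    "Suspicious use of SetWindowsHookEx": set_windows_hook_ex,
}


def run_signatures(events):
    """Return {signature name: [IoC dicts]} for every signature that fired."""
    report = {}
    for name, detector in SIGNATURES.items():
        hits = detector(events)
        if hits:
            report[name] = hits
    return report


def summarize(report):
    """Render the report in the same 'name N IoCs' form the page uses."""
    return [f"{name} {len(iocs)} IoCs" for name, iocs in report.items()]


if __name__ == "__main__":
    for line in summarize(run_signatures(SAMPLE_EVENTS)):
        print(line)
```

Because every IoC carries the pid and process that produced it, a triage script can see at a glance, as on this page, that all hits belong to the viewer process rather than to a child it spawned; a hit from a process that the sample itself started would deserve far more weight than the same key open from AcroRd32.exe.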
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\001.赤湾停车场钢连桥-连桥柱锚栓(一~五区)-加工图0版-20240905(只加工22个��.pdf"
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 1796
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize
3KB
MD5
85ce5535797dc0a81704eca5d2af4d19
SHA1
ad8eece87ec41b220e6e439184440094a34d66fa
SHA256
216204019ec554dbc143838c1f0dce4b89e92a918eb8153a59baebde4e8e200a
SHA512
ccf846baa6caee9a1cb68e9523b3a1ce072e57f27891a29234559742a24ac7e6b0a89549f5925549d63eeb69c580b03e1bafdbb8e3c1f1492e66f7979e218af2