Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

TEST.py

windows7-x64

3

TEST.py

windows10-2004-x64

3

Analysis

  • max time kernel
    20s
  • max time network
    23s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/06/2023, 08:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TEST.py

  • Size

    41B

  • MD5

    44757e4b69c710dc5ad8427c0383238e

  • SHA1

    c88621f40f30a78e554face940efeb0d25ce6fdd

  • SHA256

    0bd80872e1caac67d2fe2d648c6907d244655dd7a2da5286a53fa5e09ff0e6ec

  • SHA512

    63da0c8b6145c9c5aac2dbb415db45480ee58c56018fd38bbe9960d345edcaf1752f334c430ea853ad3d724cd84c6f4a9d8665fcd2bfb2b05d2909597775bc3d

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 25 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\TEST.py
    1⤵
    • Modifies registry class
    PID:696
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2936
  • C:\Windows\SysWOW64\mshta.exe
    "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\StartRestart.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
    1⤵
      PID:3928

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads