Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

6f740ba69a...ae.apk

android-9-x86

10

6f740ba69a...ae.apk

android-10-x64

10

6f740ba69a...ae.apk

android-11-x64

10

license-ru.html

windows7-x64

1

license-ru.html

windows10-2004-x64

1

license.html

windows7-x64

1

license.html

windows10-2004-x64

1

UserDict.pyc

windows7-x64

3

UserDict.pyc

windows10-2004-x64

5

_abcoll.pyc

windows7-x64

3

_abcoll.pyc

windows10-2004-x64

3

_sysconfigdata.pyc

windows7-x64

3

_sysconfigdata.pyc

windows10-2004-x64

3

_weakrefset.pyc

windows7-x64

3

_weakrefset.pyc

windows10-2004-x64

3

abc.pyc

windows7-x64

3

abc.pyc

windows10-2004-x64

3

copy_reg.pyc

windows7-x64

3

copy_reg.pyc

windows10-2004-x64

3

genericpath.pyc

windows7-x64

3

genericpath.pyc

windows10-2004-x64

3

linecache.pyc

windows7-x64

3

linecache.pyc

windows10-2004-x64

3

os.pyc

windows7-x64

3

os.pyc

windows10-2004-x64

3

posixpath.pyc

windows7-x64

3

posixpath.pyc

windows10-2004-x64

3

re.pyc

windows7-x64

3

re.pyc

windows10-2004-x64

3

site.pyc

windows7-x64

3

site.pyc

windows10-2004-x64

3

sre_compile.pyc

windows7-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    06/09/2023, 22:01 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    genericpath.pyc

  • Size

    3KB

  • MD5

    9218a22bb71073ba455b83f245af3893

  • SHA1

    04f6e152e228035575ac3a8ce950595d5f96e0f4

  • SHA256

    89a30b8bcf984d0d5538e086c2e5e76f9683d0d87c711a8fb4389331d4342807

  • SHA512

    2518d77e3d37621875768e42818c1051629fbbd0be1f213881843695f910c054dbf1cd040c855fec361f68308aa057d10a8e7efc3ac56d3664e4e812695f9e81

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\genericpath.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\genericpath.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1652
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\genericpath.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2636

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    ba25e7b96e87d971c2e06cc62ff6508d

    SHA1

    863426d088691685b6106b6de019b9998e6c2635

    SHA256

    dbab5a4c3ac671f254a9167d04a83dd0d290467a318187935da235dd27356cb2

    SHA512

    739862be77bca6049bff47958a06a70a9e3b50f6745987148780fe34e51a1f09b085af89c3f23f1fc21a1077bbea186d241645d0bd79bc65d462849ce9938474

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.