Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

待办整�...40.dll

windows7-x64

1

待办整�...40.dll

windows10-2004-x64

1

待办整�...z2.dll

windows7-x64

1

待办整�...z2.dll

windows10-2004-x64

1

待办整�...es.dll

windows7-x64

1

待办整�...es.dll

windows10-2004-x64

1

待办整�...al.dll

windows7-x64

1

待办整�...al.dll

windows10-2004-x64

1

待办整�...ib.dll

windows7-x64

1

待办整�...ib.dll

windows10-2004-x64

1

待办整�...ma.dll

windows7-x64

1

待办整�...ma.dll

windows10-2004-x64

1

待办整�...er.dll

windows7-x64

1

待办整�...er.dll

windows10-2004-x64

1

_collections_abc.pyc

windows7-x64

3

_collections_abc.pyc

windows10-2004-x64

3

_weakrefset.pyc

windows7-x64

3

_weakrefset.pyc

windows10-2004-x64

3

abc.pyc

windows7-x64

3

abc.pyc

windows10-2004-x64

3

codecs.pyc

windows7-x64

3

codecs.pyc

windows10-2004-x64

3

collection...__.pyc

windows7-x64

3

collection...__.pyc

windows10-2004-x64

3

collections/abc.pyc

windows7-x64

3

collections/abc.pyc

windows10-2004-x64

3

copyreg.pyc

windows7-x64

3

copyreg.pyc

windows10-2004-x64

3

encodings/...__.pyc

windows7-x64

3

encodings/...__.pyc

windows10-2004-x64

3

encodings/aliases.pyc

windows7-x64

3

encodings/aliases.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2023, 15:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    codecs.pyc

  • Size

    43KB

  • MD5

    de91b2473258f1d41907b13869c71cfd

  • SHA1

    0fb13bdb5259bd6a9892c140d85937b5ff9e9e57

  • SHA256

    26f5af7ce859a1016d0dd30ae1084751d18e50b6b2ce991314fe060ae6880845

  • SHA512

    0291a1479051402f8921f468d60ddd9524dfbf3d9fbaa5c24c551cbcb65682b4456cd5e0411506f515545dda6d13e6b3024c9a3dfd2f04520286ca0c760ab207

  • SSDEEP

    768:mctNHwz9foVdWcgxVeNYKbgP9NJgOs6bW0p1jxgabIBDvU2Ztq3EmGTfF2yEa684:mFrxVvZksxxg8IBQ2Ztq3EmGTfF2ha4

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\codecs.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1120
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\codecs.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2372
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\codecs.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2700

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    4f8068531d3e3a26f962d265020f66c3

    SHA1

    df3356fae63f6ab7314c706e1c7c1fb373deed41

    SHA256

    95d9b8239e5ab70a314550ca9597cbd1bcf16ca53facfdf42b10ec590a54d8dc

    SHA512

    fb074fa7c63e04a120b2a8452c11974fdca6577056394dea6b3121f4c277129ea68293a11aeb4072dcbecd7ecd14276eb9c314775a60bbdde73d6cd387b73fed

    Download Submit