Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64
    arch:x86
    image:win7-20231215-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    23/12/2023, 23:12 UTC

General

  • Target

    source_prepared.pyc

  • Size

    163KB

  • MD5

    7763719e0071f4e71ed010ac29a4b56b

  • SHA1

    85959c693807a0fd14b921523d31e20564b8386e

  • SHA256

    7002e97fcdbdd31c5d02921b82018e2cf7337a1855f1178d96dbe07e23860567

  • SHA512

    c4d0b9350e22e017f04c831a3c9f83563c027860fc9ca3d13f9d0b9d5335f8f7dbbe3fe243593d79cb7d076227fb91421bbbff59e91ad31f7a9a61510c976287

  • SSDEEP

    3072:63L7GG1/psR7oIi/jnEeSQGMvCgYcMa7C8IW:63/Gk07oI+AeSpMvCgYcMCC0

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2880
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2768

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    142649545fbaae38232c2d9c9257c7e2

    SHA1

    d7f62e0784237fc53bb6d5531febffd65465f8f4

    SHA256

    51f12b1779c133ae57e38a84c85d6595db387fe0d7cca65de2a12aa1b803164a

    SHA512

    6b9ba9319eacd4a86d92f1d2e7ff979979a95e46d46d4581b08df0038f181a173aaf581076942856c48799ebe48f81ecf763b8219b5def30e7889d90b9b73db8
