Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
107s -
max time network
121s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
03/02/2024, 14:03
General
-
Target
main.pyc
-
Size
4KB
-
MD5
78044e0945749775910ce61a3a0c8f74
-
SHA1
72ed0e3180c2f62b1e70c08dda96dc083f2a0074
-
SHA256
391cda8393509999ba2bc99c764de7ddb6b5b03a70a29af87bf50a1d5e09a17e
-
SHA512
a77820098223d5ff35f93da1876556b1dcda5f14837a155b9db73140dfb2e792e7137decfa342e9321ff96e06330ac48d392b35512b0e7f8145db6da664a06ab
-
SSDEEP
96:QEHXKag/on8jIIVTfHAlVPflDji+kgZjPlsx9SHfUh:d6agwIVTfJgZy3Nh
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 17 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\main.pyc1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\main.pyc2⤵
- Opens file in notepad (likely ransom note)
-