Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

python-3.1...64.exe

windows7-x64

4

Analysis

  • max time kernel
    1565s
  • max time network
    1567s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/02/2024, 20:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    python-3.12.2-amd64.exe

  • Size

    25.4MB

  • MD5

    44abfae489d87cc005d50a9267b5d58d

  • SHA1

    af778548383c17cb154530f1c06344c9cced9272

  • SHA256

    b9314802f9efbf0f20a8e2cb4cacc4d5cfb0110dac2818d94e770e1ba5137c65

  • SHA512

    e955f0bee350cd8f7e4da6a8e8f02db40e477b7465a77c8ecab46a54338c0a9d8acf3d22d524af2c45c25685df2468970ea1b70b83321c7f8e3fae230f3c7f16

  • SSDEEP

    786432:uNcuYm2DFVdFu6P92HSenQKvgzu6V9C8DBH:gt2DNFuI9+nQKvgzdJH

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\python-3.12.2-amd64.exe
    "C:\Users\Admin\AppData\Local\Temp\python-3.12.2-amd64.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2128
    • C:\Windows\Temp\{91F302F6-41D0-4CAF-B35D-852117CEC9EA}\.cr\python-3.12.2-amd64.exe
      "C:\Windows\Temp\{91F302F6-41D0-4CAF-B35D-852117CEC9EA}\.cr\python-3.12.2-amd64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\python-3.12.2-amd64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Temp\{7AB04336-0565-480E-ADB8-1E450325C427}\.ba\SideBar.png
    Filesize

    50KB

    MD5

    888eb713a0095756252058c9727e088a

    SHA1

    c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4

    SHA256

    79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067

    SHA512

    7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0

    Download Submit

  • \Windows\Temp\{7AB04336-0565-480E-ADB8-1E450325C427}\.ba\PythonBA.dll
    Filesize

    675KB

    MD5

    8294dc8850dd596d0ce8455167496832

    SHA1

    5c75c685c95bee8c1a39187da8af46b6c7892757

    SHA256

    565f03893da383e5bec8c6eaa7c8fbb3e6db0b9bddd5a1399b0dec66fa44d64d

    SHA512

    21015ca201b64e3316f3d1ee32e4c562d0142111c1ed576f03aa078619fe656c56848b5998313af23aabb97293c5452be0e27d5c44878be5d90ac2d2d2f05851

    Download Submit

  • \Windows\Temp\{91F302F6-41D0-4CAF-B35D-852117CEC9EA}\.cr\python-3.12.2-amd64.exe
    Filesize

    858KB

    MD5

    ab21a1bea9e3eaab64a2c062ab613221

    SHA1

    310b1f7921af8edf125eacba71944b6e5356acdf

    SHA256

    1474dbd6a33da8f2f0b50007ba48f0c1ddb3e0e6f8c969722eed1e683a9af68a

    SHA512

    b39b5a24bb7b2d3ead8aed284452c94280398a9e4855f17a8e3593fe718e9b3573e88b15f1dd4659030827e754b17e7f918ba24803e4d522ad9601167fb70df4

    Download Submit