Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

Discord-To...in.zip

windows7-x64

1

Discord-To...in.zip

windows10-2004-x64

1

Discord-To...UCT.md

windows7-x64

3

Discord-To...UCT.md

windows10-2004-x64

3

Discord-To...ICENSE

windows7-x64

1

Discord-To...ICENSE

windows10-2004-x64

1

Discord-To...DME.md

windows7-x64

3

Discord-To...DME.md

windows10-2004-x64

3

Discord-To...es.txt

windows7-x64

1

Discord-To...es.txt

windows10-2004-x64

1

Discord-To...ns.txt

windows7-x64

1

Discord-To...ns.txt

windows10-2004-x64

1

Discord-To...cha.py

windows7-x64

3

Discord-To...cha.py

windows10-2004-x64

3

Discord-To...ain.py

windows7-x64

3

Discord-To...ain.py

windows10-2004-x64

3

Discord-To...ts.txt

windows7-x64

1

Discord-To...ts.txt

windows10-2004-x64

1

Discord-To...tup.py

windows7-x64

3

Discord-To...tup.py

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    20/02/2024, 01:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Discord-Token-Creator-main/main.py

  • Size

    7KB

  • MD5

    ad6ff932aa3d743a5aa102c254678d34

  • SHA1

    5ef2d65422ff7877d32a12b9d60b3ee23957a8ad

  • SHA256

    ba3c53c106348faeb0d2bf78af31f2c8664c0d63ed041dae0c7fd78513a1d943

  • SHA512

    bbe1c8604509bb71f5bb2a17be15f39a57845377fc92293a1bd1f3f7249de208a94512d243c0f2b7b8b75c24f970258eb32ab048205c3a669ee138d1d272c1c9

  • SSDEEP

    192:Zs8CSPbd4YeZTz6FIAwqUANiaLj4621Jqs5dZ:ZsYbmdEeAQaQJjN

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Discord-Token-Creator-main\main.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Discord-Token-Creator-main\main.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2640
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Discord-Token-Creator-main\main.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2744

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    34913718572c59cb1b8ad483603e9f30

    SHA1

    3987ad08c33938b0a4696a03e44ab2a14cf30c42

    SHA256

    21328d72a9e4a76175c0fd41df0a74f673919b201c71aa7fb157448cad5b45fa

    SHA512

    b4531a37c6c8765717481f1360d0d8315f5f47e67e4a0b9b942ee70ed180b25429aecff56645ff99e935110a9fe30b4f08d3877c69e1ccbb1b0b5df624cece27

    Download Submit