Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

Xvirus-Too...rus.py

windows7-x64

3

Xvirus-Too...rus.py

windows10-2004-x64

3

Xvirus-Too...up.bat

windows7-x64

1

Xvirus-Too...up.bat

windows10-2004-x64

1

Xvirus-Too...rt.bat

windows7-x64

1

Xvirus-Too...rt.bat

windows10-2004-x64

1

Xvirus-Too...t__.py

windows7-x64

1

Xvirus-Too...t__.py

windows10-2004-x64

3

Xvirus-Too...les.py

windows7-x64

3

Xvirus-Too...les.py

windows10-2004-x64

3

Xvirus-Too...mer.py

windows7-x64

3

Xvirus-Too...mer.py

windows10-2004-x64

3

Xvirus-Too...ger.py

windows7-x64

3

Xvirus-Too...ger.py

windows10-2004-x64

3

Xvirus-Too...ort.py

windows7-x64

3

Xvirus-Too...ort.py

windows10-2004-x64

3

Xvirus-Too...mer.py

windows7-x64

3

Xvirus-Too...mer.py

windows10-2004-x64

3

Xvirus-Too...ger.py

windows7-x64

3

Xvirus-Too...ger.py

windows10-2004-x64

3

Xvirus-Too...ker.py

windows7-x64

3

Xvirus-Too...ker.py

windows10-2004-x64

3

Xvirus-Too...ker.py

windows7-x64

3

Xvirus-Too...ker.py

windows10-2004-x64

3

Xvirus-Too...ner.py

windows7-x64

3

Xvirus-Too...ner.py

windows10-2004-x64

3

Xvirus-Too...ver.py

windows7-x64

3

Xvirus-Too...ver.py

windows10-2004-x64

3

Xvirus-Too...ger.py

windows7-x64

3

Xvirus-Too...ger.py

windows10-2004-x64

3

Xvirus-Too...ver.py

windows7-x64

3

Xvirus-Too...ver.py

windows10-2004-x64

3

Analysis

  • max time kernel
    123s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22/02/2024, 11:12 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Xvirus-Tools-1.7.1/util/options/hypesquad_changer.py

  • Size

    848B

  • MD5

    76f7f1aaf4b032981e2ccce6f5e2ec87

  • SHA1

    f0664b5160bf8a3fbd1acad9807e1b799a0dc709

  • SHA256

    4d4caa5188df4dd6969e0daba7641ecf51adf79285cf42766284a0ade37ad384

  • SHA512

    1eca05ef1685e3f565d1df1c8727d89d064dc9cfecd465089d11b4e6560f8bd004f939bc8a614cfccfc24628e1dc62445be403d0ff673d3124636503034436ff

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Xvirus-Tools-1.7.1\util\options\hypesquad_changer.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Xvirus-Tools-1.7.1\util\options\hypesquad_changer.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2976
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Xvirus-Tools-1.7.1\util\options\hypesquad_changer.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2784

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    36c350dd1d3fcc3f778f827e9bc6e3b9

    SHA1

    25f5aa85ab7f9918511548f8e650f6fbf2950d6c

    SHA256

    8fbe8b8b7ad929811bc0dc755c9e18d95d4e5966b348af345a65eceb5bf0264c

    SHA512

    8c687f8943cff8ec26c84afc7ef5ecddd5340b329a88b6ab69a29ce31ce6f36cf1e0ceb5d4366c8f2959d07c80b5b64ed10cbbb6ad44b400899426982fa3bcd4

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.