Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

py.exe

windows7-x64

py.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    87s
  • max time network
    89s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08/03/2024, 23:46

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    py.exe

  • Size

    5.9MB

  • MD5

    5a4d6ce7740eee61a160e0673547c8a6

  • SHA1

    d8f66ddd56d33f5e053b26c403900f2643ed384f

  • SHA256

    190fd613a7f89298cda01bfa4d7cd5ae623f989ead645190c1b11c787b761081

  • SHA512

    f941c6943e60451e3223a3f4354a257ac3048676bedde5c9c9442cc3913bb1816b371fa51540c0bb01dc56d2b9844512833e606003fc002097a09d9f9695a2aa

  • SSDEEP

    98304:7RmoDUN43WlacdjOjFgFEblNHYSxTpirSHcUR43zrwkdA8QJCKC7bN3mb6ahnMLv:7RumW1OjmFwDRxtYSHdK34kdai7bN3mk

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\py.exe
    "C:\Users\Admin\AppData\Local\Temp\py.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\Users\Admin\AppData\Local\Temp\py.exe
      "C:\Users\Admin\AppData\Local\Temp\py.exe"
      2⤵
      • Loads dropped DLL
      PID:2576
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UnprotectSearch.mov"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2280
  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\RemoveOut.odt"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:340
  • C:\Windows\System32\shutdown.exe
    "C:\Windows\System32\shutdown.exe" -s -t 0
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2820
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:276
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:2564

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\_MEI21002\python310.dll
        Filesize

        1.4MB

        MD5

        4a6afa2200b1918c413d511c5a3c041c

        SHA1

        39ca3c2b669adac07d4a5eb1b3b79256cfe0c3b3

        SHA256

        bec187f608507b57cf0475971ba646b8ab42288af8fdcf78bce25f1d8c84b1da

        SHA512

        dbffb06ffff0542200344ea9863a44a6f1e1b783379e53df18580e697e8204d3911e091deb32a9c94b5599cdd54301b705b74e1f51104151cf13b89d57280a20

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
        Filesize

        20KB

        MD5

        6da562c5e8d10c783fa3173277880561

        SHA1

        6545834ebdf407859f3995847df8a8da1b1fb13a

        SHA256

        6056f871f5031229b852a75d8501f3ffe41f14dbf9a6d73c5eb91fa8bb2858af

        SHA512

        be9ecfe21108105c5b3badd33cb0b52d0f41586366f55b0685c806cfca5aae8e9bc9e94d8de7b34319e11867f9eb7e51e92e5784722de401ec2f8554d523ba20

        Download Submit

      • memory/276-156-0x0000000002E10000-0x0000000002E11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/340-49-0x000000002FB91000-0x000000002FB92000-memory.dmp

        Filesize

        4KB

        Download

      • memory/340-50-0x000000005FFF0000-0x0000000060000000-memory.dmp

        Filesize

        64KB

        Download

      • memory/340-51-0x000000007168D000-0x0000000071698000-memory.dmp

        Filesize

        44KB

        Download

      • memory/340-73-0x000000005FFF0000-0x0000000060000000-memory.dmp

        Filesize

        64KB

        Download

      • memory/340-74-0x000000007168D000-0x0000000071698000-memory.dmp

        Filesize

        44KB

        Download

      • memory/2280-75-0x000000013F780000-0x000000013F878000-memory.dmp

        Filesize

        992KB

        Download

      • memory/2280-76-0x000007FEF5A00000-0x000007FEF5A34000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2280-77-0x000007FEF5740000-0x000007FEF59F4000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/2280-78-0x000007FEF76F0000-0x000007FEF7708000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2280-79-0x000007FEF76A0000-0x000007FEF76B7000-memory.dmp

        Filesize

        92KB

        Download

      • memory/2280-80-0x000007FEF6A70000-0x000007FEF6A81000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2280-81-0x000007FEF5560000-0x000007FEF5577000-memory.dmp

        Filesize

        92KB

        Download

      • memory/2280-82-0x000007FEF5540000-0x000007FEF5551000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2280-83-0x000007FEF5520000-0x000007FEF553D000-memory.dmp

        Filesize

        116KB

        Download

      • memory/2280-84-0x000007FEF5500000-0x000007FEF5511000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2280-85-0x000007FEF4450000-0x000007FEF54FB000-memory.dmp

        Filesize

        16.7MB

        Download

      • memory/2280-86-0x000007FEF4250000-0x000007FEF4450000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2280-92-0x000007FEF4160000-0x000007FEF4171000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2280-91-0x000007FEF4180000-0x000007FEF4191000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2280-90-0x000007FEF41A0000-0x000007FEF41B1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2280-89-0x000007FEF41C0000-0x000007FEF41D8000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2280-88-0x000007FEF41E0000-0x000007FEF4201000-memory.dmp

        Filesize

        132KB

        Download

      • memory/2280-95-0x000007FEF4100000-0x000007FEF4118000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2280-94-0x000007FEF4120000-0x000007FEF4131000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2280-93-0x000007FEF4140000-0x000007FEF415B000-memory.dmp

        Filesize

        108KB

        Download

      • memory/2280-87-0x000007FEF4210000-0x000007FEF424F000-memory.dmp

        Filesize

        252KB

        Download

      • memory/2280-96-0x000007FEF40D0000-0x000007FEF4100000-memory.dmp

        Filesize

        192KB

        Download

      • memory/2280-97-0x000007FEF4060000-0x000007FEF40C7000-memory.dmp

        Filesize

        412KB

        Download

      • memory/2280-99-0x000007FEF3FD0000-0x000007FEF3FE1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2280-100-0x000007FEF3F70000-0x000007FEF3FC6000-memory.dmp

        Filesize

        344KB

        Download

      • memory/2280-98-0x000007FEF3FF0000-0x000007FEF405F000-memory.dmp

        Filesize

        444KB

        Download

      • memory/2280-101-0x000007FEF3F40000-0x000007FEF3F68000-memory.dmp

        Filesize

        160KB

        Download

      • memory/2280-102-0x000007FEF3F10000-0x000007FEF3F34000-memory.dmp

        Filesize

        144KB

        Download

      • memory/2280-103-0x000007FEF3EF0000-0x000007FEF3F07000-memory.dmp

        Filesize

        92KB

        Download

      • memory/2280-104-0x000007FEF3EC0000-0x000007FEF3EE3000-memory.dmp

        Filesize

        140KB

        Download

      • memory/2280-106-0x000007FEF3E80000-0x000007FEF3E92000-memory.dmp

        Filesize

        72KB

        Download

      • memory/2280-107-0x000007FEF3E50000-0x000007FEF3E71000-memory.dmp

        Filesize

        132KB

        Download

      • memory/2280-105-0x000007FEF3EA0000-0x000007FEF3EB1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2280-108-0x000007FEF3E30000-0x000007FEF3E43000-memory.dmp

        Filesize

        76KB

        Download

      • memory/2280-109-0x000007FEF3E10000-0x000007FEF3E22000-memory.dmp

        Filesize

        72KB

        Download

      • memory/2280-111-0x000007FEF3CA0000-0x000007FEF3CCC000-memory.dmp

        Filesize

        176KB

        Download

      • memory/2280-110-0x000007FEF3CD0000-0x000007FEF3E0B000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/2280-112-0x000007FEF3AE0000-0x000007FEF3C92000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/2280-113-0x000007FEF3A80000-0x000007FEF3ADC000-memory.dmp

        Filesize

        368KB

        Download

      • memory/2280-114-0x000007FEF3A60000-0x000007FEF3A71000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2280-115-0x000007FEF39C0000-0x000007FEF3A57000-memory.dmp

        Filesize

        604KB

        Download

      • memory/2280-116-0x000007FEF39A0000-0x000007FEF39B2000-memory.dmp

        Filesize

        72KB

        Download

      • memory/2280-117-0x000007FEF3760000-0x000007FEF3991000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/2280-118-0x000007FEF3640000-0x000007FEF3752000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/2280-119-0x000007FEF3600000-0x000007FEF3635000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2280-120-0x000007FEF35D0000-0x000007FEF35F5000-memory.dmp

        Filesize

        148KB

        Download

      • memory/2280-121-0x000007FEF35B0000-0x000007FEF35C1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2280-122-0x000007FEF3540000-0x000007FEF35A1000-memory.dmp

        Filesize

        388KB

        Download

      • memory/2280-125-0x000007FEF34E0000-0x000007FEF34F3000-memory.dmp

        Filesize

        76KB

        Download

      • memory/2280-124-0x000007FEF3500000-0x000007FEF3512000-memory.dmp

        Filesize

        72KB

        Download

      • memory/2280-123-0x000007FEF3520000-0x000007FEF3531000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2280-126-0x000007FEF3440000-0x000007FEF34DF000-memory.dmp

        Filesize

        636KB

        Download

      • memory/2280-127-0x000007FEF3420000-0x000007FEF3431000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2280-128-0x000007FEF3310000-0x000007FEF3412000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/2280-129-0x000007FEF32F0000-0x000007FEF3301000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2280-130-0x000007FEF32D0000-0x000007FEF32E1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2280-131-0x000007FEF32B0000-0x000007FEF32C1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2280-132-0x000007FEF3290000-0x000007FEF32A2000-memory.dmp

        Filesize

        72KB

        Download

      • memory/2280-133-0x000007FEF3270000-0x000007FEF3288000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2280-134-0x000007FEF3250000-0x000007FEF3266000-memory.dmp

        Filesize

        88KB

        Download

      • memory/2280-135-0x000007FEF3220000-0x000007FEF3249000-memory.dmp

        Filesize

        164KB

        Download

      • memory/2280-136-0x000007FEF3200000-0x000007FEF3212000-memory.dmp

        Filesize

        72KB

        Download

      • memory/2564-157-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2576-23-0x000007FEF6280000-0x000007FEF66E6000-memory.dmp

        Filesize

        4.4MB

        Download