Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Acc_Generator_V3.rar

windows7-x64

3

Acc_Generator_V3.rar

windows10-2004-x64

8

Acc Genera...V3.exe

windows7-x64

7

Acc Genera...V3.exe

windows10-2004-x64

7

�3D�tn�.pyc

windows7-x64

�3D�tn�.pyc

windows10-2004-x64

Acc Genera...V3.pdb

windows7-x64

3

Acc Genera...V3.pdb

windows10-2004-x64

3

Acc Genera...I2.dll

windows7-x64

1

Acc Genera...I2.dll

windows10-2004-x64

1

Acc Genera...ui.ini

windows7-x64

1

Acc Genera...ui.ini

windows10-2004-x64

1

Analysis

  • max time kernel
    840s
  • max time network
    846s
  • platform
    windows7_x64
  • resource
    win7-20240221-de
  • resource tags

    arch:x64arch:x86image:win7-20240221-delocale:de-deos:windows7-x64systemwindows
  • submitted
    16/04/2024, 20:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Acc Generator V3/Acc Generator V3.pdb

  • Size

    7.9MB

  • MD5

    5cbc73d0f33ed7ae7c5c343f38a51878

  • SHA1

    f0ccbc14720d9f440364bf70bd2850cf97d2485c

  • SHA256

    7f7e08ddb501da24713f589e02a21479e088f41611c666e0f432ff1160ac5822

  • SHA512

    a1254ef5df619197820e766da9dc63326a3edc3f8c486fa9c3c32e3749fb9c66e00341cb6d5b0bf8390139b9d05a82bda566505822e09b1f41d12680926b24d7

  • SSDEEP

    98304:x4+LSnRUbtojIn6XOMImQ76FmKDEtLZE4CB1yCb2wBmIwo4N2pks9KPZaeLHGQrd:Vn6ksAjrgrkX

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Acc Generator V3\Acc Generator V3.pdb"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2300
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Acc Generator V3\Acc Generator V3.pdb
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1092
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Acc Generator V3\Acc Generator V3.pdb"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2764

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    235459880765ca13fc78f00243698721

    SHA1

    d65229a8b40b637f576f06430f648354e601e92a

    SHA256

    c3c5a025b8b9233faf43a7a0966665064b7d0db2fd63e44cda25a7fad792359c

    SHA512

    37793039d6819b1fe95cc7d2241ca57db25cbaa52eda40b36745d89b5ed14c39388fca64e5bff6e2959244d8b6e39aff78041f69f1da5e1f67db5e90d2b9d92b

    Download Submit