Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/05/2024, 17:50

General

  • Target

    cracked_lunar.pyc

  • Size

    4KB

  • MD5

    12a93c3ee2b59411a9887a18560b8df5

  • SHA1

    b9ad55bbacd12a061fd5130e4254a375e9e2344f

  • SHA256

    bf271fe46ded5677beb44f398a3e22d867cd1b935682d59a806ae02eaf121b24

  • SHA512

    4b7f968bd045e63cff5994092438598018344f2023e6b96a27805030a909d725ccd456b8b9e1fd053e1f0ec45a7ec631e117cfc14334c328151dd6bfdc69e45b

  • SSDEEP

    96:VbjDfGyG3+bbQ6OOssflo+UKBccccc3ccGd+o1gScHw:It3+baOssfl7vccccc3ccGd+CEw

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\cracked_lunar.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1432
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\cracked_lunar.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2532
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\cracked_lunar.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2704
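
Reading the process tree: the submission is a compiled Python module (.pyc), and the Windows 7 image has no handler registered for that extension. cmd.exe therefore hands the file to shell32's OpenAs_RunDLL (the "Open with" dialog), and the sandbox automation picks Adobe Reader, which fails to render it. Every behaviour signature listed (GetForegroundWindowSpam, SetWindowsHookEx, the registry class writes) belongs to rundll32/AcroRd32 handling an unknown file type, not to the sample's own code; the 3/10 score reflects a sample that never ran. To triage a .pyc without a Python-equipped VM, inspect it statically: the first 16 bytes (PEP 552 header) identify the CPython release it targets, and the marshalled code object can be unmarshalled and walked for imports, names and string constants without executing it. The block below is an added example written for this page, not Triage's or the sample author's code; the magic-number table is written from memory and labelled as an assumption, and the "sample" it parses is a constructed stand-in built in memory with the running interpreter, not cracked_lunar.pyc.

```python
"""Static triage of a CPython .pyc: decode the 16-byte header (PEP 552),
map the magic word to an interpreter release, and dump names and string
constants from the marshalled code object without executing it."""
import dis
import marshal
import struct
import types
from importlib.util import MAGIC_NUMBER

# Magic word of the interpreter running this script: the first two bytes of
# MAGIC_NUMBER, little-endian. The trailing two bytes are always b"\r\n".
RUNNING_MAGIC = int.from_bytes(MAGIC_NUMBER[:2], "little")

# Assumption: partial magic-word table for recent CPython releases, written
# from memory for illustration. Verify against importlib.util.MAGIC_NUMBER
# of the installs you actually keep for decompilation.
KNOWN_MAGIC = {3413: "3.8", 3425: "3.9", 3439: "3.10",
               3495: "3.11", 3531: "3.12", 3571: "3.13"}

# Constructed stand-in for a submitted sample's source; nothing here comes
# from the file on the report page.
SAMPLE_SOURCE = (
    "import os, subprocess\n"
    "URL = 'http://example.invalid/'\n"
    "def run():\n"
    "    subprocess.call(['cmd', '/c', 'whoami'])\n"
)


def build_pyc(source: str, mtime: int = 0, size: int = -1) -> bytes:
    """Serialise source the way py_compile does for a timestamp-based .pyc:
    magic(4) | flags(4)=0 | mtime(4) | source size(4) | marshal(code)."""
    code = compile(source, "<sample>", "exec")
    if size < 0:
        size = len(source.encode())
    return MAGIC_NUMBER + struct.pack("<III", 0, mtime, size) + marshal.dumps(code)


def is_pyc(data: bytes) -> bool:
    """Cheap format check: every CPython .pyc header has b'\\r\\n' at offset 2."""
    return len(data) >= 16 and data[2:4] == b"\r\n"


def parse_pyc_header(data: bytes) -> dict:
    """Decode the 16-byte header; raises ValueError if this is not a .pyc."""
    if not is_pyc(data):
        raise ValueError("not a CPython .pyc (missing magic trailer)")
    magic = int.from_bytes(data[:2], "little")
    flags = struct.unpack("<I", data[4:8])[0]
    hdr = {"magic": magic, "version": KNOWN_MAGIC.get(magic, "unknown"),
           "hash_based": bool(flags & 1), "check_source": bool(flags & 2)}
    if hdr["hash_based"]:
        hdr["source_hash"] = data[8:16].hex()      # SipHash of the source
    else:
        hdr["mtime"], hdr["source_size"] = struct.unpack("<II", data[8:16])
    return hdr


def _walk(code: types.CodeType, names: set, strings: set) -> None:
    """Recursively collect co_names and string constants, including strings
    folded into tuple constants and nested function/class code objects."""
    names.update(code.co_names)
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            _walk(const, names, strings)
        elif isinstance(const, str):
            strings.add(const)
        elif isinstance(const, (tuple, frozenset)):
            strings.update(c for c in const if isinstance(c, str))


def static_summary(data: bytes) -> dict:
    """Unmarshal the code object (never exec it) and report referenced names,
    string constants and instruction count. Only valid when the file's magic
    matches the running interpreter: the marshal format changes between
    releases, so a mismatch means switching to that Python, not guessing."""
    hdr = parse_pyc_header(data)
    if hdr["magic"] != RUNNING_MAGIC:
        raise ValueError(f"built for CPython {hdr['version']}; load under that release")
    code = marshal.loads(data[16:])
    names, strings = set(), set()
    _walk(code, names, strings)
    return {"header": hdr, "names": sorted(names), "strings": sorted(strings),
            "instructions": sum(1 for _ in dis.get_instructions(code))}


if __name__ == "__main__":
    print(static_summary(build_pyc(SAMPLE_SOURCE, mtime=1715000000)))
```

For a real submission, replace the constructed blob with the bytes of the file and call parse_pyc_header first; if the reported magic is not the running interpreter's, run static_summary under the matching CPython release rather than forcing marshal.loads, and only then move to a decompiler. Resubmitting to a sandbox image that has that Python version on PATH (or invoking it as `python sample.pyc`) is what would produce the behaviour this report lacks.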

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    0ed453cbcf64891825e12dec6f4f93f1

    SHA1

    3b33b5f70fe0d680902e1e9aac263faf5d3e7756

    SHA256

    538e725da304cd14670b49316b1828583887411b3d16aa4c6c0ee23c91668d7b

    SHA512

    2259719816ceb397601b1cb5e97adcd2e911abf7bd6c280702002b9424fce63b4b64dc770bc82414dfaed45421bbc954af6f53c27db3ec30b9fbca981f5dd508