Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    07/06/2024, 05:57

General

  • Target

    Luna-Grabber-main/options/SelfDestruct.py

  • Size

    880B

  • MD5

    3232f46b2c3d898f6d8b805c6b7078e2

  • SHA1

    ff49af62b4ce4a9d82b2da5a8a89e1940f710529

  • SHA256

    51490d94f9cbe9371904c1d60d884de62657618a5ee36e5cbc6a065bb648029f

  • SHA512

    f7fba6a480d9d4a5cc96267ea21784f8388c28ac4337ae3cf63babc0dd133e63a06f0e63cc61f53e361f8094214b0744f87c38392bc2cc90ccffb11e54a9c0c9

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Luna-Grabber-main\options\SelfDestruct.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2280
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Luna-Grabber-main\options\SelfDestruct.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2716
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Luna-Grabber-main\options\SelfDestruct.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:3024

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    090389526cdd94e9de1f9af24e1dd636

    SHA1

    139d94d7963a2a497b90c158338fd33b93eb36fb

    SHA256

    5e43d99dc0d4b63caf22db854cb50de237e4f94c027a56366b2520492b725cd1

    SHA512

    0d33fda890245821cdbcadd55ce903ca1b4622ec6bfac7d76be0c9d8c084a34664e529b8fe5d2a21d914c51b8913f7d0f7d1ec48ee3be113e678f1a9bef014cf