Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

PyGrabber.BETA.rar

windows7-x64

3

PyGrabber.BETA.rar

windows11-21h2-x64

3

Analysis

  • max time kernel
    297s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    19/06/2024, 15:25 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PyGrabber.BETA.rar

  • Size

    20KB

  • MD5

    5a1cec2179fcc1a5d8abe6dd854f024f

  • SHA1

    fcddfca666c9c109b3e6441f526fdbe9d1308950

  • SHA256

    060eeba1a6af6ae88083fd6b7756b7e5892e89e94dd0317757649584386b1b2d

  • SHA512

    e92a7941052bd83ee9d7689d643e78a6857e735f05ce449a9faad858b6076f69ca3387472c452455ea2b2c10c4ec720a713433d05677e5f07dd9809e79704a13

  • SSDEEP

    384:4bL4cnRhYxtBeVL9hDrnMD9oeATHi88nPzuZZRR/Slv8Gz4nT7aFdH4zQM:qM18VfDbvF8PzubRR/36467fM

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\PyGrabber.BETA.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\PyGrabber.BETA.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2024
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\PyGrabber.BETA.rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:2712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2712-25-0x000007FEF7190000-0x000007FEF71C4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2712-24-0x000000013F990000-0x000000013FA88000-memory.dmp

    Filesize

    992KB

    Download

  • memory/2712-27-0x000007FEFB3C0000-0x000007FEFB3D8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2712-28-0x000007FEF7150000-0x000007FEF7167000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2712-33-0x000007FEF6180000-0x000007FEF6191000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2712-32-0x000007FEF65C0000-0x000007FEF65DD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2712-31-0x000007FEF65E0000-0x000007FEF65F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2712-30-0x000007FEF6600000-0x000007FEF6617000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2712-29-0x000007FEF6760000-0x000007FEF6771000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2712-26-0x000007FEF5890000-0x000007FEF5B44000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2712-34-0x000007FEF5690000-0x000007FEF5890000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2712-36-0x000007FEF6140000-0x000007FEF617F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2712-37-0x000007FEF60C0000-0x000007FEF60E1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2712-38-0x000007FEF60A0000-0x000007FEF60B8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2712-39-0x000007FEF6080000-0x000007FEF6091000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2712-40-0x000007FEF6060000-0x000007FEF6071000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2712-41-0x000007FEF6040000-0x000007FEF6051000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2712-47-0x000007FEF4570000-0x000007FEF45DF000-memory.dmp

    Filesize

    444KB

    Download

  • memory/2712-42-0x000007FEF5FB0000-0x000007FEF5FCB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2712-43-0x000007FEF5F90000-0x000007FEF5FA1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2712-44-0x000007FEF5F70000-0x000007FEF5F88000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2712-55-0x000007FEF4400000-0x000007FEF4412000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2712-35-0x000007FEF45E0000-0x000007FEF568B000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/2712-54-0x000007FEF4420000-0x000007FEF4431000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2712-53-0x000007FEF4440000-0x000007FEF4463000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2712-52-0x000007FEF4470000-0x000007FEF4487000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2712-51-0x000007FEF4490000-0x000007FEF44B4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2712-50-0x000007FEF44C0000-0x000007FEF44E8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2712-49-0x000007FEF44F0000-0x000007FEF4546000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2712-48-0x000007FEF4550000-0x000007FEF4561000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2712-46-0x000007FEF5ED0000-0x000007FEF5F37000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2712-45-0x000007FEF5F40000-0x000007FEF5F70000-memory.dmp

    Filesize

    192KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.