Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

PyGrabber.BETA.rar

windows7-x64

3

PyGrabber.BETA.rar

windows11-21h2-x64

3

Analysis

  • max time kernel
    297s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    19/06/2024, 15:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PyGrabber.BETA.rar

  • Size

    20KB

  • MD5

    5a1cec2179fcc1a5d8abe6dd854f024f

  • SHA1

    fcddfca666c9c109b3e6441f526fdbe9d1308950

  • SHA256

    060eeba1a6af6ae88083fd6b7756b7e5892e89e94dd0317757649584386b1b2d

  • SHA512

    e92a7941052bd83ee9d7689d643e78a6857e735f05ce449a9faad858b6076f69ca3387472c452455ea2b2c10c4ec720a713433d05677e5f07dd9809e79704a13

  • SSDEEP

    384:4bL4cnRhYxtBeVL9hDrnMD9oeATHi88nPzuZZRR/Slv8Gz4nT7aFdH4zQM:qM18VfDbvF8PzubRR/36467fM

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\PyGrabber.BETA.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\PyGrabber.BETA.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2024
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\PyGrabber.BETA.rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:2712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2712-25-0x000007FEF7190000-0x000007FEF71C4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2712-24-0x000000013F990000-0x000000013FA88000-memory.dmp

    Filesize

    992KB

    Download

  • memory/2712-27-0x000007FEFB3C0000-0x000007FEFB3D8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2712-28-0x000007FEF7150000-0x000007FEF7167000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2712-33-0x000007FEF6180000-0x000007FEF6191000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2712-32-0x000007FEF65C0000-0x000007FEF65DD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2712-31-0x000007FEF65E0000-0x000007FEF65F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2712-30-0x000007FEF6600000-0x000007FEF6617000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2712-29-0x000007FEF6760000-0x000007FEF6771000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2712-26-0x000007FEF5890000-0x000007FEF5B44000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2712-34-0x000007FEF5690000-0x000007FEF5890000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2712-36-0x000007FEF6140000-0x000007FEF617F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2712-37-0x000007FEF60C0000-0x000007FEF60E1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2712-38-0x000007FEF60A0000-0x000007FEF60B8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2712-39-0x000007FEF6080000-0x000007FEF6091000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2712-40-0x000007FEF6060000-0x000007FEF6071000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2712-41-0x000007FEF6040000-0x000007FEF6051000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2712-47-0x000007FEF4570000-0x000007FEF45DF000-memory.dmp

    Filesize

    444KB

    Download

  • memory/2712-42-0x000007FEF5FB0000-0x000007FEF5FCB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2712-43-0x000007FEF5F90000-0x000007FEF5FA1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2712-44-0x000007FEF5F70000-0x000007FEF5F88000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2712-55-0x000007FEF4400000-0x000007FEF4412000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2712-35-0x000007FEF45E0000-0x000007FEF568B000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/2712-54-0x000007FEF4420000-0x000007FEF4431000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2712-53-0x000007FEF4440000-0x000007FEF4463000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2712-52-0x000007FEF4470000-0x000007FEF4487000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2712-51-0x000007FEF4490000-0x000007FEF44B4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2712-50-0x000007FEF44C0000-0x000007FEF44E8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2712-49-0x000007FEF44F0000-0x000007FEF4546000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2712-48-0x000007FEF4550000-0x000007FEF4561000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2712-46-0x000007FEF5ED0000-0x000007FEF5F37000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2712-45-0x000007FEF5F40000-0x000007FEF5F70000-memory.dmp

    Filesize

    192KB

    Download