Analysis

max time kernel: 297s
max time network: 125s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 19/06/2024, 15:25 UTC
Behavioral task behavioral1
Sample: PyGrabber.BETA.rar
Resource: win7-20231129-en
8 signatures, 300 seconds

Behavioral task behavioral2
Sample: PyGrabber.BETA.rar
Resource: win11-20240611-en
4 signatures, 300 seconds
General

Target: PyGrabber.BETA.rar
Size: 20KB
MD5: 5a1cec2179fcc1a5d8abe6dd854f024f
SHA1: fcddfca666c9c109b3e6441f526fdbe9d1308950
SHA256: 060eeba1a6af6ae88083fd6b7756b7e5892e89e94dd0317757649584386b1b2d
SHA512: e92a7941052bd83ee9d7689d643e78a6857e735f05ce449a9faad858b6076f69ca3387472c452455ea2b2c10c4ec720a713433d05677e5f07dd9809e79704a13
SSDEEP: 384:4bL4cnRhYxtBeVL9hDrnMD9oeATHi88nPzuZZRR/Slv8Gz4nT7aFdH4zQM:qM18VfDbvF8PzubRR/36467fM
Score: 3/10
Malware Config
Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Modifies registry class (1 IoCs)
  description   ioc                                                                                      Process
  Key created   \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings     rundll32.exe

Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  pid   Process
  2712  vlc.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid   Process
  2712  vlc.exe

Suspicious use of FindShellTrayWindow (3 IoCs)
  pid   Process
  2712  vlc.exe
  2712  vlc.exe
  2712  vlc.exe

Suspicious use of SendNotifyMessage (2 IoCs)
  pid   Process
  2712  vlc.exe
  2712  vlc.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
  pid   Process
  2712  vlc.exe

Suspicious use of WriteProcessMemory (6 IoCs)
  description                        pid   Process       procid_target
  PID 1472 wrote to memory of 2024   1472  cmd.exe       29
  PID 1472 wrote to memory of 2024   1472  cmd.exe       29
  PID 1472 wrote to memory of 2024   1472  cmd.exe       29
  PID 2024 wrote to memory of 2712   2024  rundll32.exe  30
  PID 2024 wrote to memory of 2712   2024  rundll32.exe  30
  PID 2024 wrote to memory of 2712   2024  rundll32.exe  30
Processes

1. C:\Windows\system32\cmd.exe (PID 1472)
   Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\PyGrabber.BETA.rar
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\system32\rundll32.exe (PID 2024, child of 1472)
      Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\PyGrabber.BETA.rar
      - Modifies registry class
      - Suspicious use of WriteProcessMemory

      3. C:\Program Files\VideoLAN\VLC\vlc.exe (PID 2712, child of 2024)
         Command line: "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\PyGrabber.BETA.rar"
         - Suspicious behavior: AddClipboardFormatListener
         - Suspicious behavior: GetForegroundWindowSpam
         - Suspicious use of FindShellTrayWindow
         - Suspicious use of SendNotifyMessage
         - Suspicious use of SetWindowsHookEx