Analysis
  max time kernel: 9s
  max time network: 0s
  platform: windows7_x64
  resource: win7-20240705-en
  resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  submitted: 12/07/2024, 17:11
Static task: static1
Behavioral task: behavioral1
  Sample: hyperionexecutor.py
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: hyperionexecutor.py
  Resource: win10v2004-20240709-en
General
  Target: hyperionexecutor.py
  Size: 6KB
  MD5: 78b061ff82aa05fb4d380ade975f17e9
  SHA1: d2de908d5f9addfb071a4a4424f293df87755d08
  SHA256: 661ba72aa3ae7102878d6fcb30bd72ac056291905eb6614cbbf8a028da9094cf
  SHA512: f7d8be4cb5129eabc02a15da885855615db9153197bb37e713bbaf34d116e2e6474619d99e92364eb5d276d9e5838afa237605ffe537133c0c279bb55ff9f8cc
  SSDEEP: 96:xQRCE60+bFCoQVlpPCInq/pT8rijSgv9DZLxqPZ+KnWL+gejI/Zqq93W8wP3nogg:xbEXagLA/amx1Z8LCsjI/ZqawPbQX
Malware Config
Signatures
  Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  Modifies registry class (1 IoC)
    description: Key created
    ioc: \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_Classes\Local Settings
    Process: rundll32.exe
  Suspicious use of WriteProcessMemory (3 IoCs)
    description                          | pid  | Process | procid_target
    PID 2060 wrote to memory of 2128     | 2060 | cmd.exe | 31
    PID 2060 wrote to memory of 2128     | 2060 | cmd.exe | 31
    PID 2060 wrote to memory of 2128     | 2060 | cmd.exe | 31
Processes
  1. C:\Windows\system32\cmd.exe
     Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\hyperionexecutor.py
     PID: 2060
     - Suspicious use of WriteProcessMemory
     2. C:\Windows\system32\rundll32.exe (child of 1)
        Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\hyperionexecutor.py
        PID: 2128
        - Modifies registry class