Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

1

cs+changer.exe

windows7-x64

7

cs+changer.exe

windows10-2004-x64

9

loader-o.pyc

windows7-x64

3

loader-o.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    26/07/2024, 18:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cs+changer.exe

  • Size

    57.2MB

  • MD5

    4f89f4e58160db47d19260b5f9de9bca

  • SHA1

    9599c5e021195c4b9355f2bf6e59a6067379cfc1

  • SHA256

    50259bd5d39e1d33d5ca3250ba67333c57c11c08959d237404166b4356572aa6

  • SHA512

    d5682ae141f3e241967859bd3dbf99eda859bf3d89032457141b1372dc4d540c244a48aab8ba64aa2d3be64691a5c6f8fcaab75086d7ec3307bc0170300a364b

  • SSDEEP

    1572864:qxB7vFQqMrlpA+Ql4VdIvIe6MqQZ19Wb84xhvsZ:qxBJyklAIvNF/9e8ehM

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cs+changer.exe
    "C:\Users\Admin\AppData\Local\Temp\cs+changer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Users\Admin\AppData\Local\Temp\cs+changer.exe
      "C:\Users\Admin\AppData\Local\Temp\cs+changer.exe"
      2⤵
      • Loads dropped DLL
      PID:2384
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2380

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MEI21802\python312.dll
      Filesize

      1.7MB

      MD5

      8f165bfadf970edafd59067ad45a3952

      SHA1

      16c1876f2233087156b49db35d4d935c6e17be6a

      SHA256

      22470af77229d53d9141823c12780db63c43703dd525940bc479730d2e43513d

      SHA512

      b3af95dc9a68e21e8eca98e451b935f72663c2552ebf26de299716f17193f238d55c292df953d641defcbcec3ea18eb37cd4b839800804efa8f40658427263ae

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI21802\typeguard-4.3.0.dist-info\INSTALLER
      Filesize

      4B

      MD5

      365c9bfeb7d89244f2ce01c1de44cb85

      SHA1

      d7a03141d5d6b1e88b6b59ef08b6681df212c599

      SHA256

      ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

      SHA512

      d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

      Download Submit

    • memory/2384-1674-0x000007FEF6C50000-0x000007FEF7314000-memory.dmp

      Filesize

      6.8MB

      Download