Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

3d.py

windows7-x64

3

3d.py

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    27/07/2024, 12:19 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d.py

  • Size

    2KB

  • MD5

    a65538efe5a428646c2068c75ff500ac

  • SHA1

    91eff7472be8cf14d0f866c336f8186a696ba643

  • SHA256

    4e6d0b49ce3a8f3feb238f087ecbb68ddde8f2e10393a4dd9ef134f2606519f3

  • SHA512

    cb23b6f0d50b8bfa46ea233d1f2ed13c4a80d387585f5e2781ad5ea9b16b395479756c5a58086051784589d92bfd85f6f3cec61182301475b64e281558f5c933

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\3d.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\3d.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2696
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3d.py"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2588

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    98ddea64aa9e1e17f83d3399767a2c4d

    SHA1

    8a41b23d76c33cf81a091c1e5268ae160584150c

    SHA256

    2115e5625cd73161af5db585e30efbda4a14a3fd0fd881ffa06b82c7f496f722

    SHA512

    79761d96dd777dcd997daad2ead076738ac1cd729e2545f9b93f5147fd85f9c1f2c0a630208686d36b48f2925bdf25312a914cdfed8b6821a948b22b030af793

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.