Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/08/2024, 14:40 UTC

General

  • Target

    Stub.pyc

  • Size

    875KB

  • MD5

    362a5b1efbbda44240533e13cad8f122

  • SHA1

    d90715b86e44fba5383c967c1d36e6ac15b38e47

  • SHA256

    9318ab1fefde5fdbb18fb4bc01cd29c5c048565b1a07b049874bea3d90041aed

  • SHA512

    fa771ae4cc93893582941ec9d1f66d2bc96bd16ecdbaf7974d1c8638a890ba790efd23554827816e9e1bdb91fab16751ef691da72b8f20a0af2bb46f23540688

  • SSDEEP

    24576:YfnsmgKBdjdB4fjWIS/BRSVgYIjYR4KYpqhNaarU:szj4fujMmnpiaaY

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Stub.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2944
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Stub.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2828
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Stub.pyc"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2560

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    707f8c44f5d813e16fdc2adb6284380f

    SHA1

    ca1381bcbaeb938d4fcb0a1af0b2ba36e3bc2ff7

    SHA256

    498d53e77415254fdf4c412aceadd0bb3c31bbd9874e8cb6d8ac2fce721399e9

    SHA512

    c6e24903769d47d9bb4e00a396370e6ce8d0b4e184e2b205d87254cde7b7490318b6711c46c5cdfa9ebeb63e6ac8d9bf40cb82b678320bb55044ca52cc7c41dd
