Analysis

  • max time kernel
    102s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/09/2024, 01:20

General

  • Target

    auto_rig_pro-master/__init__.py

  • Size

    5KB

  • MD5

    cb829de0ef04923683afb18f2c92780d

  • SHA1

    56293876e46ff1915b83f72456bedb492a24e85f

  • SHA256

    fd32cca387f08dd536c0cfd166697cbc159c52265129cfdc34cca2eeae1cc35c

  • SHA512

    f4ab0c719cd0ab328745b898c4c061f8ead1bd8345f4020638cadf22022900c4b6f322cfc4447d3b7d940987974c53329a621d0549ec3df53812e59bd4123ad5

  • SSDEEP

    96:8XfzLjHiZhY8qe5cpqJQlCCBC59R2uscLdRuZu9E7NafgOxEXl6oahbsl2t/e:8Xf/eRePlaZWu9E7NxOxEXl6ocbsl2t2

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\auto_rig_pro-master\__init__.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\auto_rig_pro-master\__init__.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2680
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\auto_rig_pro-master\__init__.py"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2772

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    cf1b146709220474ad4af45130c14985

    SHA1

    ee12fb89a8ef61af50598cb53c1c09cf23c327d5

    SHA256

    f33b09c2d6e357adc03276ea84d9995d5331530bdc4b3b0e521dbb55770f9479

    SHA512

    4aee24f65cb615383c1965de44f77a8f7d2c61e7a5217433a3cea807bce65429d4a863f36de5c87b0a707ad54e824a2e2da4d7d856e330e713f784c61b0059dd