Analysis

  • max time kernel
    430s
  • max time network
    1150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/09/2024, 19:16

General

  • Target

    python-3.11.8-amd64.exe

  • Size

    24.9MB

  • MD5

    77d17044fd0de05e6f2cf4f90e87a0a2

  • SHA1

    f9fb47170f33e08cebccad93664d797130258641

  • SHA256

    fd3428eb6c80901b877d036ffa2be127ccad9bbe036a43f00fc96a48b724f9c7

  • SHA512

    e6bdbae1affd161e62fc87407c912462dfe875f535ba9f344d0c4ade13715c947cd3ae832eff60f1bad4161938311d06ac8bc9b52ef203f7b0d9de1409f052a5

  • SSDEEP

    786432:pvzwvht7xf1lvjjnQ0HxpmGxD0V6vIsca4jKyqq7A:mvf7xTvDSbpshRmA

Score
4/10

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\python-3.11.8-amd64.exe
    "C:\Users\Admin\AppData\Local\Temp\python-3.11.8-amd64.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1600
    • C:\Windows\Temp\{577B51A5-DC29-4F28-AB8A-1C457554338A}\.cr\python-3.11.8-amd64.exe
      "C:\Windows\Temp\{577B51A5-DC29-4F28-AB8A-1C457554338A}\.cr\python-3.11.8-amd64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\python-3.11.8-amd64.exe" -burn.filehandle.attached=696 -burn.filehandle.self=536
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:4892

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\Temp\{577B51A5-DC29-4F28-AB8A-1C457554338A}\.cr\python-3.11.8-amd64.exe

    Filesize

    858KB

    MD5

    c965d7a4923f54d28ff3c473fc2858a5

    SHA1

    c52c5dacc68dec83ed076d9b4615c4f94870fdc3

    SHA256

    c2c376448a69bbb65cb3bb50bab97fe27909780d47c1621d420bf5d4968d64f7

    SHA512

    b0282cc9cc424d2bfbe9ffcd7cecde1b3281d53203437151f085116e041ccefcd7611cb79d9be5ae283977c30a8a60cae352f31e171eeaed311e1ab6babc3a11

  • C:\Windows\Temp\{C81D97DC-952D-4F13-993E-1DCEECECBC13}\.ba\PythonBA.dll

    Filesize

    675KB

    MD5

    f4da33739c7180dd9eb4b91c3ed4d0f8

    SHA1

    dfbe6c30483fc6b08172855027fa5a33de4d8198

    SHA256

    37bfddbba1c105dbead1d190e31274d983b13ff1bae61c0b353080cd9777f263

    SHA512

    8b64a12aa8a3b2190d9764d8d2f1d8b603c10ea70dbf96c50a83149055088a3a76cbbd6dfe7f801e65e74460585cfc21736e59a9d17899157b656c4d7d1edba8

  • C:\Windows\Temp\{C81D97DC-952D-4F13-993E-1DCEECECBC13}\.ba\SideBar.png

    Filesize

    50KB

    MD5

    888eb713a0095756252058c9727e088a

    SHA1

    c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4

    SHA256

    79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067

    SHA512

    7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0