Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    18s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/09/2024, 14:28

General

  • Target

    Discord-Microsoft-Scam-main/config.py

  • Size

    47B

  • MD5

    c7257632f9e6e2cc97fc261bc3df08cb

  • SHA1

    3efb0b15b583eef0d31155fb58cc81f27c291998

  • SHA256

    b116c545c527ce3b3b8763ed6d8aa5451213dededc418720fd568cbbb4a0c59c

  • SHA512

    ba78240e5559ab662a2b969e75a8e788eac98804ab423d83766de7f7031f379f5c1655d6d6431ef5bc1d2a3e86e6cefd7dd64da1f3eff921019e0a0c3cf20577

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class (9 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Discord-Microsoft-Scam-main\config.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Discord-Microsoft-Scam-main\config.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2212
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Discord-Microsoft-Scam-main\config.py"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2736

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    f3651202fe9056b6131970901aa87fbb

    SHA1

    68b608b158a08e0f90734112e3f030e736d5d3db

    SHA256

    3b2df598411a828189b0868c1d8cf2bfddb7bdce27730ecde0af33c4146aaf14

    SHA512

    a0d809d268917733b0e40fddb360a66bdcd60c6d3b6f585fdc187f425954e89f7abd71d0b7fd09e63fe9f72113713290f520e1f22c531d0ea7512fbe54531e9f