Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

source_prepared.exe

windows7-x64

7

source_prepared.exe

windows10-2004-x64

9

discord_to...er.pyc

windows7-x64

3

discord_to...er.pyc

windows10-2004-x64

3

get_cookies.pyc

windows7-x64

3

get_cookies.pyc

windows10-2004-x64

3

misc.pyc

windows7-x64

3

misc.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows7-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

source_prepared.pyc

windows7-x64

3

source_prepared.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30/09/2024, 20:25 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    discord_token_grabber.pyc

  • Size

    15KB

  • MD5

    a7684f2f409990743d310cd7ec306ddc

  • SHA1

    0949beaa2fc2dbd56e9ac2c111910c8471cb420a

  • SHA256

    be495ca4cc94405470e197a0dbeda88efa08dcc970c7ad3674b571515ad93b3f

  • SHA512

    fcfebe9c955e7754042bc68056a973e6557929731af19bb28c95491a91909cb77e853a7b6aad03bff4f2c565df7a7804183cf531c72fe25b738f53b1b2ac2351

  • SSDEEP

    384:nGC7RYmnXavkGP3ltcrhntQ5saa2holHVA:nGCuvkoltcrttQ5saaCgHVA

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2940
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    59cd56bd2de952f9ae8fd5e456a5445d

    SHA1

    e7b57c9e2ad9f388eda93eb70e8617684648ee45

    SHA256

    a1277c59322242b8738d0b374bb863d161bdb7332e5cf9059930d0c527df2b92

    SHA512

    e23e009dac35a7007838d6fcf531c52f0341edd790fb32b3d681737ef8c4d0800798962cf688f78f06c0efc82483df0f3239693eb865d3d58d3d1d74e9e9f6f9

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.