Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
02/10/2024, 22:22
General
-
Target
empyrean-main/src/components/browsers.py
-
Size
11KB
-
MD5
720067bf62202ab20bd0bdce2404b294
-
SHA1
7c60970fd79957309b84b4265671ee7ebe7161c0
-
SHA256
38ddcdaa3f2ac2bbac94d7b34cc708449aec108fd2065f3555053e8916544b77
-
SHA512
20f10bd12ecac1f3197b7611a4911ce7f232a16432b465bc5346dd1e5c288de56042c6144104d54bc2ee53acc0bf9c98d2baf972a4b4b9aa9ce655080462f0e8
-
SSDEEP
192:Yo1etBr/e8k03E5YYul25ZXIbHYsq5w/wVbPRfwmbd5NcbtU03vbt2w79G+R5:gzEhFsq5w/wPfwCN903Uw73R5
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\empyrean-main\src\components\browsers.py1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\empyrean-main\src\components\browsers.py2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\empyrean-main\src\components\browsers.py"3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD585f959e7a9d6b44a887795275e9738cc
SHA15c25bd845774a7db50e53b34a66c2684b2e6e6db
SHA256416297e8aeba8fed4f05ce6b0801aa005bc5acdfcc7f9a4e6b8e35f2721f285e
SHA5129a0a843adaab01dd52b01b28899dc943e22ba567674ae5f61f3e47e8f806b24026a0bab1c16da9269a8fa525ed2aaf48375973e6804d4bb7ce979a1566b9cf83