Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    34s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/10/2024, 18:04

General

  • Target

    source_prepared.pyc

  • Size

    63KB

  • MD5

    fdc09f129473e524c491ae79f44b8a59

  • SHA1

    29f6ae8b3b942f808d0cdc283970ff71e668dbbf

  • SHA256

    cc880696781b56da890b2debae0fbad6a9f714ebfefe398d1e56dbdc467bf2d2

  • SHA512

    65cea897d4a6285109a4b4dcce85580d69cb9b8cf0cfc85840885fb3b702ca6ed3bec71abc91326f6d0015065c493588b471e5fdb76e99e321d53344d17026f3

  • SSDEEP

    768:wbXmUqlPniou3Ti2zXwhdG87YbL7l9FZwDU6jqnWo5bleSCkO579qfikwth9iNdt:wJqlPV6jwK8kZdKEpqan4hogoocOzV78

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2936
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2828
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2860

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    5752608dc9f40066d69044680d9b362b

    SHA1

    0c0b7f8899eee385be4b996ce2ab1713f88e7018

    SHA256

    05e7cacdd0598f661d4cde7952708808ce3535dc68fe8906bb406b1869285dea

    SHA512

    a633243bf49667dac2c3eb61f2993ff2d1b574cfbf50d7e1d77b45c7151493e5abc2aef3b6b1bcd8eecef72a94ca9579122bc1afe4c06cd974fe443482e49a4d