
Analysis

  • max time kernel
    34s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/10/2024, 18:04 UTC

General

  • Target

    get_cookies.pyc

  • Size

    5KB

  • MD5

    c09b8ed0a960b251fc5a3ce42979d3eb

  • SHA1

    a2616f789ab6bc4631b3f0259648812ef6e9291f

  • SHA256

    5b0bcdeab7ce6c1b5ba87a88de06653ba9f77f22872e01bafd8e54155fd3ffa7

  • SHA512

    2031915a530d236e519bf346a2fe4769279817595fd062869479a66d1f42cf2793449aa4fc76b7b7ef51070d85a7ad1e0abbaf2d5611fc248909d0e35967c944

  • SSDEEP

    96:GU4BjBMvk8RJnEOW+xVBcnqiicI47CXBxmSiWeBYJ0ZqPmfkMglcWN2l:AS7ExYXPipI8+xmSIeWIPNlGWU

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\get_cookies.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\get_cookies.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2920
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\get_cookies.pyc"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2844

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    30492e2e6a9ce873448c6b11eb5b37f6

    SHA1

    37857b397894e75239b2e591f55c21b6c843fce0

    SHA256

    3c4776eac7a1f90f2b5be5a087a58c6dd310e5cdfbce3071300596435bcc5691

    SHA512

    5f5b655fc34cd0a0ac8c34112b869a951d946bfa7fd3b95c79d6bfa0d00a1fd95d18564c9378e8c7f8568df1a576423495ce273481d6bb464e67c8a4eecc6d60
