Analysis
- max time kernel: 1468s
- max time network: 1476s
- platform: windows11-21h2_x64
- resource: win11-20241007-en
- resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 25/10/2024, 21:00
Behavioral tasks
- behavioral1: sample YT_Channel_Downloader_installer.exe, resource win11-20241007-en
- behavioral2: sample $PLUGINSDIR/System.dll, resource win11-20241007-en
- behavioral3: sample $PLUGINSDIR/modern-wizard.bmp, resource win11-20241007-en
- behavioral4: sample $PLUGINSDIR/nsDialogs.dll, resource win11-20241007-en
- behavioral5: sample YT_Channel_Downloader.exe, resource win11-20241007-en
- behavioral6: sample main.pyc, resource win11-20241007-en
General
- Target: main.pyc
- Size: 869B
- MD5: 2dcf7a776469738f62916a342c393d12
- SHA1: e5aa17e84a8e80ae399a0b8069f0c079d8a63068
- SHA256: ec4c1892b65b6756be7cbe5061b764577c0407398b76ce84db6a646deeb1c428
- SHA512: a7293ce2f8302ceb97b27d998a66d6e5bd0897a60b2831b59d66c72ddfd733d1315f1bb5bdc752011d7474e12b289b7cc8b5dd0dbedce2a269d23057c032aff1
Malware Config
Signatures
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings | cmd.exe
  Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings | OpenWith.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid | Process
  112 | OpenWith.exe