Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

11/11/2024, 10:44 UTC

241111-mswx8aybkj 10

25/10/2024, 13:05 UTC

241025-qbvklszdkh 10

23/10/2024, 19:44 UTC

241023-yf1anayfjp 10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/11/2024, 10:44 UTC

General

  • Target

    source_prepared.pyc

  • Size

    168KB

  • MD5

    11f6c56cafe9a1a6efebe7618868003b

  • SHA1

    27d6b5d6d315bf5063737561dfce2d72e1ade7dd

  • SHA256

    d97bfb28b1c258bf7964fa90325bcc22dd3e2ed22a954d0ed21b51c756a0cd88

  • SHA512

    3efa1c586ff5493e01cc48857bcf449583c3e93bfafe96a5c630f6c6a4403d0960b1861303f66a344d07c556e1518c1b85aabf10a6409fdab4b30850f44d28c6

  • SSDEEP

    3072:AexHVNaOO/5ESl1RdotPZTJ0pZXScT0o+IvdXzusTWP:BNaOO/5ESFdoCpUY0oysS

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2720
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:1972

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    026a506b1e1c9ac013e44602d8b5fc41

    SHA1

    428614cda7dab4f752b8a46b0ba125a56576c276

    SHA256

    3782e4a3b5eb5895522ac795e07458cf5699af6e08345c5f587c56d7be69ec65

    SHA512

    80d6717730af5bee3926ac27ac100e849ec9cee7c84befdc9b98b3817d50358d4541a0f6919525c030be6aa6a359b73281c35df9cbc1102e831256ff04620040
