Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 0s
max time network: 1s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 03/12/2024, 10:57
Behavioral task: behavioral1
Sample: ysrfgdyjkfgydg.pyc
Resource: win7-20240708-en
3 signatures, 1 second

Behavioral task: behavioral2
Sample: ysrfgdyjkfgydg.pyc
Resource: win10v2004-20241007-en
1 signature, 1 second
General
Target: ysrfgdyjkfgydg.pyc
Size: 123B
MD5: 8a561c4d80363f052328985ec773d5c7
SHA1: 9e611d1479e85bab2cd47b104418849fa0a093d1
SHA256: 72f172d55e686d12740d920d51992c39cde4b6bbc699ff300b3176288af2d566
SHA512: 40cb30820621caf74d08733130f8f8dc9b4f20edb2124e19ef26e1cd4608701cd1c774b2913e253b884c5659bcdd06be53576c626b1b842a3afccda3cb4eb3f5
Score: 3/10
Malware Config
Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Modifies registry class (1 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_Classes\Local Settings | rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1780 wrote to memory of 2724 | 1780 | cmd.exe | 32
PID 1780 wrote to memory of 2724 | 1780 | cmd.exe | 32
PID 1780 wrote to memory of 2724 | 1780 | cmd.exe | 32
Processes

C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\ysrfgdyjkfgydg.pyc
  PID: 1780
  Signature: Suspicious use of WriteProcessMemory

  C:\Windows\system32\rundll32.exe (child of PID 1780)
    Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\ysrfgdyjkfgydg.pyc
    PID: 2724
    Signature: Modifies registry class