Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
07/01/2025, 18:12
250107-wtgdlasmh1 1007/01/2025, 18:12
250107-ws5psstqdl 1007/01/2025, 18:08
250107-wq1m3atpfl 1006/01/2025, 19:14
250106-xx1gbaxjdn 10Analysis
-
max time kernel
141s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
07/01/2025, 18:08
General
-
Target
discord_token_grabber.pyc
-
Size
16KB
-
MD5
924ef065a5167d44170ac81a60cc6fbe
-
SHA1
ebfa171438758dd9810369d3077f618bfab5bc09
-
SHA256
78a36fae762432c89f4c0b185e5c227144817199dbde90d16749c6bfc0fb1dd1
-
SHA512
15a2144fe6e0e081856fd875bcbb239a83da115dce2cda1924f71cfc401f13f681d5047cb80b40cdcdcb617c12d9c12f7bfdc15d38177ace8685c59bb631afdc
-
SSDEEP
192:bIqqTmuEWauge+M6DA8AYv++JDcNQshU8En5W4NXOYd/G7XW:+9avP588A+DDWRm5FOUG7XW
Malware Config
Signatures
-
A potential corporate email address has been identified in the URL: [email protected]
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 10 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 3 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 23 IoCs
-
Suspicious use of SendNotifyMessage 22 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\source_prepared.txt1⤵
- Opens file in notepad (likely ransom note)
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1948 -prefMapHandle 1940 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {271763e4-ca3f-469e-8bc1-dbdee167e921} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2408 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03f8e201-58cb-41d2-b664-33e715300554} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3036 -childID 1 -isForBrowser -prefsHandle 2788 -prefMapHandle 2784 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8378eb31-c529-4e55-8192-23f5b56b905b} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3936 -childID 2 -isForBrowser -prefsHandle 3924 -prefMapHandle 3920 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa6c733f-43f7-4e3f-9f79-1b02b09fa88f} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4900 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4888 -prefMapHandle 4880 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e228ef58-2106-4202-be42-c77e24cb692c} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 3 -isForBrowser -prefsHandle 5408 -prefMapHandle 5404 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e30e284c-6a6d-4c2f-a859-1a0bd0bf256e} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -childID 4 -isForBrowser -prefsHandle 5552 -prefMapHandle 5560 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a77b089-a4d4-4b81-ae52-d2fe33092064} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 5 -isForBrowser -prefsHandle 5724 -prefMapHandle 5732 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c60cc419-09dd-4c9f-b144-e3eab80a2d02} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5984 -childID 6 -isForBrowser -prefsHandle 5976 -prefMapHandle 5408 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86e48e36-1555-4f32-81f1-7e3be1fd6764} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1768 -childID 7 -isForBrowser -prefsHandle 6204 -prefMapHandle 5984 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1256b952-69d1-42b4-8a34-09c3d84f3c5c} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6320 -parentBuildID 20240401114208 -prefsHandle 6476 -prefMapHandle 6472 -prefsLen 34627 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfe93253-a6c8-4a23-8f6d-3ab59b9168f1} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6604 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6600 -prefMapHandle 6596 -prefsLen 34627 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b8c0e88-6f4b-4a76-9adf-ea6f4557919d} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6448 -childID 8 -isForBrowser -prefsHandle 6812 -prefMapHandle 6808 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e647913-edd0-4c81-bc90-186c0da919c0} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
21KB
MD5cc6ac3e520ca761af80eb94e4ac32cf2
SHA194e34b660e2467c87edfc8b1d5d230c3888619c1
SHA25635d73fa43ebdac6fa49de69285286fd25c5b7ac5f1cd7f978ac7cc96464d8353
SHA5128807c67363fcc63f6a0a829f981fc1dd27c2b8755322e7a5e19fab26a19001fc147d59ce8bbd6ca5e396c41f384d775490222d36643b715030eee17995145e83
-
Filesize
15KB
MD596c542dec016d9ec1ecc4dddfcbaac66
SHA16199f7648bb744efa58acf7b96fee85d938389e4
SHA2567f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798
SHA512cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
6KB
MD5ae9bd574915b3f1e45a4cfab3c1c5f90
SHA1f15ba8836f3d0c19a2fc4aedae1d89802b27933a
SHA256e09a21c7cb39a83bceabd51a9f49c1018997c51b01591743992a10721ad30699
SHA512ecd60160aac218ea65d60fd5e3f07beaeecf7f156bfe234edc1e2d3544b311fc82055a102f22c461452c571add1c9190d447b09639f145f66388aebd35164684
-
Filesize
6KB
MD5ad16cac6e8c14838200c002fec046938
SHA1a4e47d929b6eacd02b0d26246b14adaae6a0141d
SHA256151183a44fd0afb3795ca3f40d937108ca3a80fa05a86abad3fbcdfd3d1174ac
SHA51206b77f6196d12760082b59c211d9531ca1353ee666fe200e0d1823959a3d24bfdd8a52f41ea091abe8e9e445460ab1dbdb2a02ce3b1526fcc4257f38da1d90eb
-
Filesize
8KB
MD57671e3839dbb2013af4d380aa2072653
SHA19bdafba10aa7369dd02a17a0443999f2747be78e
SHA256bb363e5ffba08772a9c608d1269b5e6526e4cb1d6f2d22ff5eb7e20f3a40994c
SHA512f08154f9c314df3754913f03960130744666943ced6231e3598e2341c18c00926cd7cd445e752cc25774253e0d792a093b537a17319e1030fe9863ebc6a280a6
-
Filesize
6KB
MD50ad1195cd12544b8b2637a0045d7dac9
SHA15d057ab88727ac860c443e8977e48d786bf8586d
SHA256aefce3cf5f1ce640a08a0b9aaa070e2f6cad46418b50d0c1ba3dcbd679e56871
SHA5120a7b1d35bfae1f8262d60ae02ee24427da51ff3a9097d8340bc8bfb4f865151e73ff02b389c02ee090e9beb2377cced1541cbc03b6259e17bb85cca2a6c09813
-
Filesize
14KB
MD5cea5e3c3996fdeb39bfef35b950aca9b
SHA167c77c56328fc392020729d6ce5722c8b8043f6d
SHA2563b16233134343876fd430c003e5ae4338e0284c0212696f8d1a4f49890322f52
SHA5129008d425e76b2fa0356eb38fbcddc7efddc32d51146295a4ce2f37df49a239ae1b26e4a795ebd022fe54e6d1066d6980c26ed4629e0203d5a8fce65ff9587377
-
Filesize
6KB
MD5d2ff00ec599a029735022ecfe83eb090
SHA1ba44495993f733489a7b66eb553ec55ca287d672
SHA256745bfae31b4e988571ea963e9518c780027bd1647339aa3d6c48520149a2de07
SHA5124f91cafee309af32b396b2ebe9a10d47fff4aff7e0b02cdb6d9e3f9fe16f55c05944a3d4f7e1ef293338d5d181fd8298c2a5195dfda4851ccccfce2231851a39
-
Filesize
5KB
MD5695907ec412c413b0afce9243db7f881
SHA184a6bcf2cd76f7221310ac601e5edf1c2a260218
SHA256631128259399fcd6dc36c49f270ba6a51febb540a9cc5b62b62207e0a4b86b26
SHA512dc69643241669b52b3ed3c9c8a11d25480c4fc86443263f089ebd6d16838b76b7a55e812d3cc9328ad95c23af8da1daac74db6b9c17ba592b687a3b683449463
-
Filesize
982B
MD5436ce8ae5f9a295e055bf5fc5b0dcab5
SHA17b2744f8b6ea9d812eebcc49bd431ce7fdb69cb0
SHA25691b8bffe8c0ecb94b9a7401821ec395c89d0c7afa1a4aa3b894d99956238695b
SHA5122228544e816ec7bc521b07a8adec049e457892802b247b0d93d80c3eaa5fb765f22a0d34721a5bfd2b2e5a73b66bf07fc6ebf4c5da662d5334f1ac1ef8e5ef0e
-
Filesize
28KB
MD5beca82ea63888082f33a95af333e526b
SHA124659b0de6a7c4084cbdb3a89ea4480b948da637
SHA256a9e8beefe748ea6f7001d91c473b07399c4a2dd7f46e392b9e04c5b8e8470785
SHA512d4939f224cdcb141d4576b60722f58044b434f03b5d6667ea873fd47e3eb7e7dfd0df6619deec10ec7dec85ec8714ef0899a670835f89d18a9c6e73dea5a6c67
-
Filesize
671B
MD56a55ee10c5b1a1ace1927b33c52a629b
SHA129665e2763d51fe3d4687b71c47fbc81c267c8f0
SHA256e0463177337136097d5653c942c37527a59eb1902affcf6a3715fdccb37a9564
SHA512c8f93c2e4e6c8d52e1ac54cd617de0e77281ac86473543f4ba0d506b5e20ca61ca92e005232153c6b7230a3af960378f92ff252f13cd2c6bce24e05309c22a47
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
10KB
MD534b3115435aaa08631a5db660af65f27
SHA1a2dcba24434eeaaed8fe8b41f18c039294c00568
SHA256d49a52393a9ba23c1b8f3d9d3a80e8c57b7356265ca77fcb36023f88adcaae31
SHA512ac4ccc1dfbd325a86dc14765c8dbd37b21a3c416d25a47660ac897beaae982385cb5951e72fb51e15e04e561963b7f686f2fa9a0e841211e13b4ae6edbb4c17e
-
Filesize
11KB
MD5cb2a07a0dac12566d99ba413a69f80b5
SHA1c47d88a0684bf04e84b59ca2b27f58ae1ef089fc
SHA2565d2f1b19a745b0d6ad471e1d8c23b9f9731089d9dfafeac73339c8dde73634a9
SHA51222fabb36d850a6b68e2fb7ff325f124fc1137958855b754f604986ca658196d7fd3589ca7c73144b2acaa1c68cc4454f0529a6a7069d50bdfd67ba885ca6327f
-
Filesize
10KB
MD5e8b9d55de33f074c5f56ec0caaff6efa
SHA1d3ca66067388c0d974e8d3158c75af9280945f7f
SHA2567c324f57da70bc167f882859ef6605c7ab2af49680eb1d3ffa6b3e27b2cd20d7
SHA512d76e4ecdeca6a3260f31bdc2a090cb0be597f18dbbf2ddf6c1b1df022febece72923cdd38e723198986d93643b72e21282e21e48d75fc3bd6c1bf7b5b827d6e3
-
Filesize
10KB
MD502840eef96769fc29fba05c2e412250d
SHA1a33d29eef1c5320025612f908df1caff884196b3
SHA2564a9d7387ff4a40a35fdb1a5f5f3f879ca19210c37ea149008a721a0415c7692e
SHA5121229216448da07d589bff0d668f5b7e95120b877e972b51a97b9bf7843b61424c7fd046c0de7886cf52120804c45dad450853285523c96ca885fa35b1f3aebdb
-
Filesize
3KB
MD5de5bea18b56e90c273d094889da0a5a8
SHA17d4a8ed1471631031c9383f8da2f786611d0207b
SHA256bc43333444e833e4e41a789bfd96c83b81cc111805a09e50de2ee4f3f29cd542
SHA51240239fc1f19e98cc0d6e5e9917879e69fc7118cc4d4f0a09c8c02d033372c47c4b02a044c7cb436b8b12ece64cbd25c71860901efca012c06aad6a887109b562
-
Filesize
6KB
MD588fa76a08654cc373a4b16d8d5efc4d3
SHA13492390ffb90617d4974d6cb52a27bff830554eb
SHA256106dfa3263e1d6139c337bc1b818cd4e450d02633574aa9c45243da62bed7a33
SHA51260e18ff7f4b59389f785af360327d8e966732514b6eba4efde18ce2af6fd9788d888aa2b3edbd95654871019c9cc70139eb8ad5f6bd447b2aa2d2c2a71264ab7
-
Filesize
1KB
MD5a4693ae2900b04d92c784c776e1290ac
SHA160a1b900b194d7814a4cc2c3afe92e755adeb459
SHA25654f100e25be9cceabc5f87aafb50a08f9ad54f6d33f86054ccc9ab9f68541c5d
SHA512c99499e5268db671e76674dab70491e59ca3dc5ed81186c6d86d8e32db15298e3da75621c6e77c3899d0f98690aa2702a121c683e2fed2ee227657d0eb80df13
-
Filesize
4KB
MD5c1916895064f1d7c0bacba8e1302d78f
SHA1db3df2c7d9f7a8a0f606fb6a87cfa3722b4d62ef
SHA25661dc3d8bb6037bc7f72672c016f4128384be543c8c580e10f48a86db73ce44d1
SHA5120eb836d0a9698d72983ee9f965aa300ab78a99016d13ded53450758d5449048380cab856146ea4d4f45cf6b69034945080468446c7e85ec2d7fdff2b77cdc9d1
-
Filesize
568KB
MD5cc700a0776037dd4fafed4a8f04f154e
SHA1d728de31b8cd67a557d0e616c1dba14ca27eb06d
SHA256630f1e935432a7b39fb083612ee6f0886f46cce3dcf5bae78c7eb98f45660e29
SHA5124569b60e516a689ac62d568c1539595da45b26f9ed87829e66f2b73cda0f3d26802e93fe1c85246fffcffa8dbfc223fd80dfba55842b57f3800d65b54cbbbef6