Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

photos.exe

windows7-x64

7

photos.exe

windows10-2004-x64

9

photos.exe

android-9-x86

photos.exe

android-10-x64

photos.exe

android-11-x64

photos.exe

macos-10.15-amd64

photos.exe

ubuntu-18.04-amd64

photos.exe

debian-9-armhf

photos.exe

debian-9-mips

photos.exe

debian-9-mipsel

discord_to...er.pyc

windows7-x64

discord_to...er.pyc

windows10-2004-x64

discord_to...er.pyc

android-9-x86

discord_to...er.pyc

android-10-x64

discord_to...er.pyc

android-11-x64

discord_to...er.pyc

macos-10.15-amd64

discord_to...er.pyc

ubuntu-18.04-amd64

discord_to...er.pyc

debian-9-armhf

discord_to...er.pyc

debian-9-mips

discord_to...er.pyc

debian-9-mipsel

get_cookies.pyc

windows7-x64

get_cookies.pyc

windows10-2004-x64

get_cookies.pyc

android-9-x86

get_cookies.pyc

android-10-x64

get_cookies.pyc

android-11-x64

get_cookies.pyc

macos-10.15-amd64

get_cookies.pyc

ubuntu-18.04-amd64

get_cookies.pyc

debian-9-armhf

get_cookies.pyc

debian-9-mips

get_cookies.pyc

debian-9-mipsel

misc.pyc

windows7-x64

misc.pyc

windows10-2004-x64

Resubmissions

12/01/2025, 14:23

250112-rqj8vswjds 10

12/01/2025, 09:23

250112-lcla4syndr 10

Analysis

  • max time kernel
    845s
  • max time network
    850s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    12/01/2025, 14:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    photos.exe

  • Size

    78.5MB

  • MD5

    a4c9a785c0e51be1eba029f03947d108

  • SHA1

    9141272123df990f6b0462a13d4b2d2a8a133c17

  • SHA256

    122c37ee120e2429eb8e348ab8b30124ed0f9ca295ffd9aec8423932a251702e

  • SHA512

    390b8422a81d758d021eb19457bb08e70f34722b8179d29104528b54665a416ecbd3de5a1623253d6cfeccbe9194e048a87f48b706209b6e52eb0bee355197d0

  • SSDEEP

    1572864:OHl4WLxMsmwSk8IpG7V+VPhq9AE7eliPiYgj+h58sMwSe37z1cJLRK:OHO6MsmwSkB05aw98wx5Oe37YR

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 10 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\photos.exe
    C:\Users\Admin\AppData\Local\Temp\photos.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1868
    • C:\Users\Admin\AppData\Local\Temp\photos.exe
      C:\Users\Admin\AppData\Local\Temp\photos.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"
      2⤵
      • Loads dropped DLL
      PID:316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI18682\api-ms-win-core-file-l2-1-0.dll
    Filesize

    41KB

    MD5

    5912435bd03ffe31f84b8561493800a8

    SHA1

    b9ee6273dfc88539277782f59a3d5101e97246d9

    SHA256

    932b58d7a383a653f0729ddd7db8d3704db9aad9b2b9fd5a25f8880a95ca55ba

    SHA512

    0b6271932c8550c753c59c9cdb62cbd550139e5af97f3e9001c6ebe608123a86aae95e221848e392d7692fadafaadc8c332482d6f8449327fd99902f81dbad75

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI18682\api-ms-win-core-kernel32-legacy-l1-1-1.dll
    Filesize

    41KB

    MD5

    099a2b94f96ce0cf3e83e5169e571dab

    SHA1

    1b81ca74113234415b49c2a4ff032cdb5eb1a9dc

    SHA256

    8e6c50cb40fa99b612da2c3c7900e948af227e27e56fc5698a12f68a03979de2

    SHA512

    1bb5fa3ad3e21688982b31fe06688e71f083b5d5313df0d609b0a94cbbb082f53c17853cfe8b34791898722591884f514abecdd8d7e8b623f2b1b8ca2ca30110

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI18682\api-ms-win-core-sysinfo-l1-2-0.dll
    Filesize

    41KB

    MD5

    40a968a57935db11a9618eba3c05655e

    SHA1

    f2ca0e08165a70cc1aa3a5074d5e0bae4914985a

    SHA256

    72a37c20f1451c7df5f59aad29ac5a981fd4bb8dd4b2d81d38edffb4e8856d8c

    SHA512

    7d5e4cb2c7b54d6db9042c5fe9c3188fdd162ef595e6bfc9d63f67ca4e5b10f2de22b36bd33d83e14371a7d304c4e113ac357d505d9967269427c7204059b2d9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI18682\api-ms-win-core-timezone-l1-1-0.dll
    Filesize

    41KB

    MD5

    f388a8cbfaed2a0920ed2c472107d07b

    SHA1

    c4376421e86ee616259cb2255a0b2969c1b74600

    SHA256

    67d630d47b33f4fc346771ceedd2185deaef4fe0954b66d0477c3ba64a35c3ee

    SHA512

    cbabdc936425280e36e21fe65a2f58418dc6f4c16af4952e99f56bf14076e10810de309d07b9a602b77aaadd11f0f6cd5e53ca138d7bd98b1c05a4789b982472

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI18682\python311.dll
    Filesize

    1.6MB

    MD5

    a70d5250a7878d930c92c08abd2acf5c

    SHA1

    0c9526cb8aaf011655decf5f8037b4ea562db71f

    SHA256

    1777007bcbec5c5daa8c4068b181216def54ac53eb2f6994b2fcb01edd74d03a

    SHA512

    08bf354cc9a16c7103173edd71abb1d91b7865adffc8c1ceb085c9f807f73b5b0ab37e70071f17166fdcce8ab0d5647060638a525090cc2544498537834e7afd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI18682\ucrtbase.dll
    Filesize

    1.3MB

    MD5

    b30b1bce7a668b480420f8f59df90bdb

    SHA1

    feab869fd4641fda2576f271d3b090143ff93bf0

    SHA256

    b6a49ab5dbba172c5a8b274b9e69a4a8d4ffbc96b8037151fff3233808dca2c7

    SHA512

    07ebb0fbf90d139c93929e1b7a77fbce5bc2b227437151b7de914e9500a1478ba6c01372a2dece2f5e1eccc2676c888ed3aa906da51d9255b71409f4252d39a7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI18682\api-ms-win-core-fibers-l1-1-1.dll
    Filesize

    41KB

    MD5

    513200213d415ae9c6ff91a12e713f6a

    SHA1

    531bd3f7664d64a663d3554969dc958dfb4a7b90

    SHA256

    c31949e8a0f04d574e885d0d6b16b2ce053190d0ddb4f927906a1eb5b6af90d3

    SHA512

    7604e09fe40550b291036fb5b2f7733924412de84cde53894c47d9449af9ecd8907e6ee27412270183bb19d2fd95a970b26297c4ef873196961fc15ff56c093c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI18682\api-ms-win-core-file-l1-2-0.dll
    Filesize

    41KB

    MD5

    eda8cdf62bcf809981ddfb5ac46bda50

    SHA1

    09f7b5adaf970b1a53a81c019d54b8e73210d9c4

    SHA256

    05fa8735bfa82dd772f5cf8b3da8bbe787d81669c8a2d8cec6d1b3e3db994c67

    SHA512

    3d8c39ca1f8982336357ff2a53b14ff194549ee729f06c385588dad91589ec6aa2db02374609b90e16cefae6afebb0971072af0e77eb9a32aa99307004cc7768

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI18682\api-ms-win-core-localization-l1-2-0.dll
    Filesize

    41KB

    MD5

    d0f8e6c3000e0237e7ffdc93482eb5f1

    SHA1

    f56f2d8b22d9b542f5da8c53719a91115dc2815d

    SHA256

    adce8b53b540c497be723ea55e11cf3e724a87b3a4fd660c8be0844915f7f4ac

    SHA512

    a7e0c52acee2dbd14826969ecb270d505398aaefa3ce976b79c931eceb65decf7a267b0a58bafcded0ec9d8a728fdd79ee0583c73b8362039b4bf4bb21746e84

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI18682\api-ms-win-core-processthreads-l1-1-1.dll
    Filesize

    41KB

    MD5

    61c41d35093bc88a1d9c4f63920fe6a0

    SHA1

    32ff4176c3ec13979b6383486020aed4a3713d62

    SHA256

    0b3d88453cf553c041af8388fb1ac3790ea90dd71abd657a1508969e87c0b94f

    SHA512

    0e4dae21e56a61d104d488d007e3f0a212c0b874040d398149a0420f17e935ce3ffeb4432f8ace84c06e0267c7715abe7b0be1b5042ede57401a9eb151b2e255

    Download Submit

  • memory/316-1317-0x000007FEF63E0000-0x000007FEF69C9000-memory.dmp

    Filesize

    5.9MB

    Download