Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10AK-grabber-main.zip
windows7-x64
1AK-grabber-main.zip
windows10-2004-x64
1AK-grabber...er.bat
windows7-x64
1AK-grabber...er.bat
windows10-2004-x64
1AK-grabber...OBF.py
windows7-x64
3AK-grabber...OBF.py
windows10-2004-x64
3AK-grabber...s/cert
windows7-x64
1AK-grabber...s/cert
windows10-2004-x64
1AK-grabber...g.json
windows7-x64
3AK-grabber...g.json
windows10-2004-x64
3AK-grabber...der.py
windows7-x64
3AK-grabber...der.py
windows10-2004-x64
3AK-grabber...ess.py
windows7-x64
3AK-grabber...ess.py
windows10-2004-x64
3AK-grabber...ess.py
windows7-x64
3AK-grabber...ess.py
windows10-2004-x64
3AK-grabber...ar.exe
windows7-x64
3AK-grabber...ar.exe
windows10-2004-x64
3AK-grabber...eg.key
windows7-x64
3AK-grabber...eg.key
windows10-2004-x64
3AK-grabber...ts.txt
windows7-x64
1AK-grabber...ts.txt
windows10-2004-x64
1AK-grabber...un.bat
windows7-x64
1AK-grabber...un.bat
windows10-2004-x64
1AK-grabber...up.exe
windows7-x64
7AK-grabber...up.exe
windows10-2004-x64
8��d�*.pyc
windows7-x64
��d�*.pyc
windows10-2004-x64
AK-grabber...ief.py
ubuntu-18.04-amd64
1AK-grabber...ief.py
debian-9-armhf
1AK-grabber...ief.py
debian-9-mips
1AK-grabber...ief.py
debian-9-mipsel
1Analysis
-
max time kernel
122s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
31/01/2025, 00:31
Behavioral task
behavioral1
Sample
AK-grabber-main.zip
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
AK-grabber-main.zip
Resource
win10v2004-20250129-en
Behavioral task
behavioral3
Sample
AK-grabber-main/A5 Grabber/Builder.bat
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
AK-grabber-main/A5 Grabber/Builder.bat
Resource
win10v2004-20250129-en
Behavioral task
behavioral5
Sample
AK-grabber-main/A5 Grabber/Components/BlankOBF.py
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
AK-grabber-main/A5 Grabber/Components/BlankOBF.py
Resource
win10v2004-20250129-en
Behavioral task
behavioral7
Sample
AK-grabber-main/A5 Grabber/Components/cert
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
AK-grabber-main/A5 Grabber/Components/cert
Resource
win10v2004-20250129-en
Behavioral task
behavioral9
Sample
AK-grabber-main/A5 Grabber/Components/config.json
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
AK-grabber-main/A5 Grabber/Components/config.json
Resource
win10v2004-20250129-en
Behavioral task
behavioral11
Sample
AK-grabber-main/A5 Grabber/Components/loader.py
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
AK-grabber-main/A5 Grabber/Components/loader.py
Resource
win10v2004-20250129-en
Behavioral task
behavioral13
Sample
AK-grabber-main/A5 Grabber/Components/postprocess.py
Resource
win7-20241010-en
Behavioral task
behavioral14
Sample
AK-grabber-main/A5 Grabber/Components/postprocess.py
Resource
win10v2004-20250129-en
Behavioral task
behavioral15
Sample
AK-grabber-main/A5 Grabber/Components/process.py
Resource
win7-20241010-en
Behavioral task
behavioral16
Sample
AK-grabber-main/A5 Grabber/Components/process.py
Resource
win10v2004-20250129-en
Behavioral task
behavioral17
Sample
AK-grabber-main/A5 Grabber/Components/rar.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
AK-grabber-main/A5 Grabber/Components/rar.exe
Resource
win10v2004-20250129-en
Behavioral task
behavioral19
Sample
AK-grabber-main/A5 Grabber/Components/rarreg.key
Resource
win7-20240708-en
Behavioral task
behavioral20
Sample
AK-grabber-main/A5 Grabber/Components/rarreg.key
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
AK-grabber-main/A5 Grabber/Components/requirements.txt
Resource
win7-20241023-en
Behavioral task
behavioral22
Sample
AK-grabber-main/A5 Grabber/Components/requirements.txt
Resource
win10v2004-20250129-en
Behavioral task
behavioral23
Sample
AK-grabber-main/A5 Grabber/Components/run.bat
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
AK-grabber-main/A5 Grabber/Components/run.bat
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
AK-grabber-main/A5 Grabber/Components/setup.exe
Resource
win7-20241010-en
Behavioral task
behavioral26
Sample
AK-grabber-main/A5 Grabber/Components/setup.exe
Resource
win10v2004-20250129-en
Behavioral task
behavioral27
Sample
��d�*.pyc
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
��d�*.pyc
Resource
win10v2004-20250129-en
Behavioral task
behavioral29
Sample
AK-grabber-main/A5 Grabber/Components/sigthief.py
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral30
Sample
AK-grabber-main/A5 Grabber/Components/sigthief.py
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral31
Sample
AK-grabber-main/A5 Grabber/Components/sigthief.py
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral32
Sample
AK-grabber-main/A5 Grabber/Components/sigthief.py
Resource
debian9-mipsel-20240611-en
General
-
Target
AK-grabber-main/A5 Grabber/Components/BlankOBF.py
-
Size
5KB
-
MD5
b3d2f59792b99d98107717d6b7100cf3
-
SHA1
5cf1f176236fb12fd665301a64be7d883ca125c8
-
SHA256
73bd45bbbf96aa84a2abf5eef93513126bd3adbbbb5ebd5272776643d99c1fb8
-
SHA512
1791b325ea86c56d35ff9c9216685dd7b3d0b0d01538de5cb6310cb64750daadbeccddbe51fc985bb22a8d8e67ab1a180708e7b97441e0daa2c0b1c14e918ed8
-
SSDEEP
96:Fr54cd62hK9FFZ48PuCQYBX5oQL6oUMOQcL:FP6Us4B8JoQLBsQcL
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_Classes\Local Settings rundll32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2736 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2736 AcroRd32.exe 2736 AcroRd32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1764 wrote to memory of 2724 1764 cmd.exe 32 PID 1764 wrote to memory of 2724 1764 cmd.exe 32 PID 1764 wrote to memory of 2724 1764 cmd.exe 32 PID 2724 wrote to memory of 2736 2724 rundll32.exe 33 PID 2724 wrote to memory of 2736 2724 rundll32.exe 33 PID 2724 wrote to memory of 2736 2724 rundll32.exe 33 PID 2724 wrote to memory of 2736 2724 rundll32.exe 33
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\AK-grabber-main\A5 Grabber\Components\BlankOBF.py"1⤵
- Suspicious use of WriteProcessMemory
PID:1764 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\AK-grabber-main\A5 Grabber\Components\BlankOBF.py2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2724 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\AK-grabber-main\A5 Grabber\Components\BlankOBF.py"3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2736
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD55f5b2851245cb089c5a54d4c7c017969
SHA17d57cc9adfa594ea7906ab4f0a4a560faff1b247
SHA256522e25f5aba0ef958f4a32178cfc913084ac149daab322759d888c797a20083d
SHA5121c0dc66da6617cd44d2853886c654fd486f620fe66aa26fd6b072723f5fe217f102c97058a2d7cb46a2e997fa1dae5c7686f0ae4d783602f7a876d16645b48c5