Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10AK-grabber-main.zip
windows7-x64
1AK-grabber-main.zip
windows10-2004-x64
1AK-grabber...er.bat
windows7-x64
1AK-grabber...er.bat
windows10-2004-x64
1AK-grabber...OBF.py
windows7-x64
3AK-grabber...OBF.py
windows10-2004-x64
3AK-grabber...s/cert
windows7-x64
1AK-grabber...s/cert
windows10-2004-x64
1AK-grabber...g.json
windows7-x64
3AK-grabber...g.json
windows10-2004-x64
3AK-grabber...der.py
windows7-x64
3AK-grabber...der.py
windows10-2004-x64
3AK-grabber...ess.py
windows7-x64
3AK-grabber...ess.py
windows10-2004-x64
3AK-grabber...ess.py
windows7-x64
3AK-grabber...ess.py
windows10-2004-x64
3AK-grabber...ar.exe
windows7-x64
3AK-grabber...ar.exe
windows10-2004-x64
3AK-grabber...eg.key
windows7-x64
3AK-grabber...eg.key
windows10-2004-x64
3AK-grabber...ts.txt
windows7-x64
1AK-grabber...ts.txt
windows10-2004-x64
1AK-grabber...un.bat
windows7-x64
1AK-grabber...un.bat
windows10-2004-x64
1AK-grabber...up.exe
windows7-x64
7AK-grabber...up.exe
windows10-2004-x64
8��d�*.pyc
windows7-x64
��d�*.pyc
windows10-2004-x64
AK-grabber...ief.py
ubuntu-18.04-amd64
1AK-grabber...ief.py
debian-9-armhf
1AK-grabber...ief.py
debian-9-mips
1AK-grabber...ief.py
debian-9-mipsel
1Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
31/01/2025, 00:31
Behavioral task
behavioral1
Sample
AK-grabber-main.zip
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
AK-grabber-main.zip
Resource
win10v2004-20250129-en
Behavioral task
behavioral3
Sample
AK-grabber-main/A5 Grabber/Builder.bat
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
AK-grabber-main/A5 Grabber/Builder.bat
Resource
win10v2004-20250129-en
Behavioral task
behavioral5
Sample
AK-grabber-main/A5 Grabber/Components/BlankOBF.py
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
AK-grabber-main/A5 Grabber/Components/BlankOBF.py
Resource
win10v2004-20250129-en
Behavioral task
behavioral7
Sample
AK-grabber-main/A5 Grabber/Components/cert
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
AK-grabber-main/A5 Grabber/Components/cert
Resource
win10v2004-20250129-en
Behavioral task
behavioral9
Sample
AK-grabber-main/A5 Grabber/Components/config.json
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
AK-grabber-main/A5 Grabber/Components/config.json
Resource
win10v2004-20250129-en
Behavioral task
behavioral11
Sample
AK-grabber-main/A5 Grabber/Components/loader.py
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
AK-grabber-main/A5 Grabber/Components/loader.py
Resource
win10v2004-20250129-en
Behavioral task
behavioral13
Sample
AK-grabber-main/A5 Grabber/Components/postprocess.py
Resource
win7-20241010-en
Behavioral task
behavioral14
Sample
AK-grabber-main/A5 Grabber/Components/postprocess.py
Resource
win10v2004-20250129-en
Behavioral task
behavioral15
Sample
AK-grabber-main/A5 Grabber/Components/process.py
Resource
win7-20241010-en
Behavioral task
behavioral16
Sample
AK-grabber-main/A5 Grabber/Components/process.py
Resource
win10v2004-20250129-en
Behavioral task
behavioral17
Sample
AK-grabber-main/A5 Grabber/Components/rar.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
AK-grabber-main/A5 Grabber/Components/rar.exe
Resource
win10v2004-20250129-en
Behavioral task
behavioral19
Sample
AK-grabber-main/A5 Grabber/Components/rarreg.key
Resource
win7-20240708-en
Behavioral task
behavioral20
Sample
AK-grabber-main/A5 Grabber/Components/rarreg.key
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
AK-grabber-main/A5 Grabber/Components/requirements.txt
Resource
win7-20241023-en
Behavioral task
behavioral22
Sample
AK-grabber-main/A5 Grabber/Components/requirements.txt
Resource
win10v2004-20250129-en
Behavioral task
behavioral23
Sample
AK-grabber-main/A5 Grabber/Components/run.bat
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
AK-grabber-main/A5 Grabber/Components/run.bat
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
AK-grabber-main/A5 Grabber/Components/setup.exe
Resource
win7-20241010-en
Behavioral task
behavioral26
Sample
AK-grabber-main/A5 Grabber/Components/setup.exe
Resource
win10v2004-20250129-en
Behavioral task
behavioral27
Sample
��d�*.pyc
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
��d�*.pyc
Resource
win10v2004-20250129-en
Behavioral task
behavioral29
Sample
AK-grabber-main/A5 Grabber/Components/sigthief.py
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral30
Sample
AK-grabber-main/A5 Grabber/Components/sigthief.py
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral31
Sample
AK-grabber-main/A5 Grabber/Components/sigthief.py
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral32
Sample
AK-grabber-main/A5 Grabber/Components/sigthief.py
Resource
debian9-mipsel-20240611-en
General
-
Target
AK-grabber-main/A5 Grabber/Components/config.json
-
Size
976B
-
MD5
17c98daace9d0baf81f6b9856c719c36
-
SHA1
8797f3c08ee01ebd3156d273a751a32cd8149afb
-
SHA256
28eb749c0057fa28835c64032e1bee33f42494168dc4d21f93383020eccc5a82
-
SHA512
17dd9ec30682b7dbed78de8fc09e9be578ccf39d2613e8752eb82a7bf2af3b3600c94ea89114eb94473b009628ed138ecaee2ad053119e4c493492d2321290c9
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_Classes\Local Settings rundll32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2756 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2756 AcroRd32.exe 2756 AcroRd32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2696 wrote to memory of 2748 2696 cmd.exe 31 PID 2696 wrote to memory of 2748 2696 cmd.exe 31 PID 2696 wrote to memory of 2748 2696 cmd.exe 31 PID 2748 wrote to memory of 2756 2748 rundll32.exe 32 PID 2748 wrote to memory of 2756 2748 rundll32.exe 32 PID 2748 wrote to memory of 2756 2748 rundll32.exe 32 PID 2748 wrote to memory of 2756 2748 rundll32.exe 32
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\AK-grabber-main\A5 Grabber\Components\config.json"1⤵
- Suspicious use of WriteProcessMemory
PID:2696 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\AK-grabber-main\A5 Grabber\Components\config.json2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2748 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\AK-grabber-main\A5 Grabber\Components\config.json"3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2756
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD517008cfc11b8284fef4c92028ed7b3c6
SHA16f6fe1b2e53c776a52c30f09be53be2518f9abc1
SHA256459ec7c5cf4792fbfe9320e0695ea5fd8f653598d530297364d9a0bdf0dfce2e
SHA5122b93000f080d9227b618dee7c0ecf6eebc383f20b699a34dd42cf5db8650e4a03f98313843022bc76a7e59d319d776d0273a12667330778c8a1cb947415d2d3b