Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

source_prepared.exe

windows7-x64

7

source_prepared.exe

windows10-2004-x64

9

discord_to...er.pyc

windows7-x64

3

discord_to...er.pyc

windows10-2004-x64

3

get_cookies.pyc

windows7-x64

3

get_cookies.pyc

windows10-2004-x64

3

misc.pyc

windows7-x64

3

misc.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows7-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

source_prepared.pyc

windows7-x64

3

source_prepared.pyc

windows10-2004-x64

3

Resubmissions

31/01/2025, 14:23

250131-rqf67sxqhw 10

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    31/01/2025, 14:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    source_prepared.exe

  • Size

    84.4MB

  • MD5

    fda00911ea38642cda92d787e072d737

  • SHA1

    886715865119d72ccd2c84644bc8a6873e448753

  • SHA256

    d256dee9c18ee54f961cc3d5295c5f6553e48979842da301a63be43969e7ccd7

  • SHA512

    c1fe959a022f6149db21666246196db0ab23e91117ea8ea87c1862372d3ab15bbe0fb20bcf871468e355de2539892e303a83e8479059d175630a95d5ab97804b

  • SSDEEP

    1572864:FVjl4WwZXm7OkiqOv8im2A3+TUE7slh+eiYweyJulZUdgKXUxjCHZvkOgs1:3+7ZXm7OknOv8i36+TCLkpumX2okO5

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 10 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
    "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2420
    • C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
      "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
      2⤵
      • Loads dropped DLL
      PID:1908
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2000

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MEI24202\api-ms-win-core-fibers-l1-1-1.dll
      Filesize

      41KB

      MD5

      43034b2a0c12a90703a5a675c3281875

      SHA1

      a0fb6671dfde8dca91b2695a509da39c241d4cba

      SHA256

      ed56b23081e1b4a9d656f5303522f9706962c64a39be5ac4103c7a4bb4683493

      SHA512

      d99c8cde439fd36b525672b14819033c9e81d35e3ac4d1e99a13a122219567da34044539b22c915c0bb2ae9c2a7e80a34d65431a5f443bd39bc6604cd414a8bc

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI24202\api-ms-win-core-file-l1-2-0.dll
      Filesize

      41KB

      MD5

      01a3313a97977282f26db06f15b5b1d2

      SHA1

      a0888fdbcf4ed3e80ad45251a998c42e77f81790

      SHA256

      89d6baa7e95b44903dd16c011b3d8bc8633bead728ef08d134933a995a71f4fa

      SHA512

      5ea9b970b617508c768e8ad37e0d89a51246789f1a9b95e6a59ca446a2088405cf6eab4c0b8028455d87dd5fe819ef5bb400aa824a3f7a6adb3fc42febf0554c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI24202\api-ms-win-core-file-l2-1-0.dll
      Filesize

      41KB

      MD5

      e2f631cea6f1777d19de7b8f77ec852e

      SHA1

      fb3aa9801e7365eb903d1b931e502aea7ef75f97

      SHA256

      3612ca27d8ae67d620033d5310b0f9ad4bde1e902152c519c276a12e9410e643

      SHA512

      7385342c7d7a202619c802355e48250cfc59af4d3c6864909ec8c3743a5c20a45c96214a5f66639f04f011c320be059d9e3e99ca9b7479c39809fa8151c9a41b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI24202\api-ms-win-core-kernel32-legacy-l1-1-1.dll
      Filesize

      41KB

      MD5

      07e60c794a1c936607e432bbd7678c3b

      SHA1

      c368d8cc7ed4cb92ef4298b956e9609da09e934a

      SHA256

      cf44707c8b430b6dda0de73248f1568ac4a844a46e9669b9e990476e6ce38e25

      SHA512

      aebb8a6b8f07a21ca7be407471eba2734e241511732326739ea5e9457532b469779e5916e2a82b89672d65eed9df5ab6252b4420d6f88125390e0caa3fde751f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI24202\api-ms-win-core-localization-l1-2-0.dll
      Filesize

      41KB

      MD5

      12c396b06ce51331cf9c1969e6877711

      SHA1

      278e0308a2b82de1162496b0f4796e27c72015a1

      SHA256

      aee13ba0406ac447c2a4ef6a5a08f87b3867d0a23ebdc1d941b92ce831f30a3a

      SHA512

      cb00e40d980b3a576012712263cbc523c06ea32aa7d70e7c6c192405ec150e5adb83d5b4daf27c6f79fbd98f1b34a8ec71ee57ecc771f0ff131df3e724d9a585

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI24202\api-ms-win-core-processthreads-l1-1-1.dll
      Filesize

      41KB

      MD5

      90921e5f13b3802a85d168c37a33bc40

      SHA1

      36bf20e3a739511d506b0b89001be1c144d3a022

      SHA256

      a013569c40698983a5d5d5ff1ce4189d00e2c4810c6ffd3d18453067390b3eae

      SHA512

      af3c3bd51b51b093fb1f5450b3cdd921e2e9ba4a4f6b8948626939d442a85437d093266e306d77ce679b285f433fe7ae00c0d827b8775cdaa928ebd641014674

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI24202\api-ms-win-core-sysinfo-l1-2-0.dll
      Filesize

      41KB

      MD5

      cb4a7cfd345a7524fcf8d55b914ab5d8

      SHA1

      c282ab5761a900333d02d7041a137efe0a856c02

      SHA256

      304944b6bd9c5b87e6607eaff5c1c473f48b952bb02545f195fafa610d6efc3f

      SHA512

      87c67cadc9adf0135f990e29668d8b9c8c6845bc8deef1deba062294d9568f7bebe22531fbcd89ab22da9ceda481d97ed9bb8e55ab67fe3a12fbb3c922b5a850

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI24202\api-ms-win-core-timezone-l1-1-0.dll
      Filesize

      41KB

      MD5

      abaa8d09a78200136033fa73610712c7

      SHA1

      bc39ef62b6d61c6952d3892becb194658c3a04b5

      SHA256

      c7f6425686a642c43554840add5ae1bc865e1525acab93598b5857e4b0b0f09d

      SHA512

      40ba5011a208ede2c5f9e1f93a41a064f70c27194a33f92b03dcf727516642a19a27a68daab9ac37b0baa82476318bfb02bd3b3eb735a65cd4e804497e23e705

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI24202\python312.dll
      Filesize

      1.8MB

      MD5

      cfa2e5cdda9039831f12174573b20c7b

      SHA1

      c63a1ffd741a85e483fc01d6a2d0f7616b223291

      SHA256

      b93e682bddb5c3e2af1f0264e83fbc40481fe6abd90c3ab26e94f246c8ce8d7d

      SHA512

      f1ac568bd1a16d5ab2623ac42a83aed32d9867a0e016e0ac3c922f28ceb1bb7e114dab44553949008a6e2fd3bb67fc2be8fc283560d9f4b1f1552137a0c104aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI24202\ucrtbase.dll
      Filesize

      1.3MB

      MD5

      9ccd6181c279edbbb602249f245c1001

      SHA1

      4fb78797395f2e5b08663c7e2e5eb89784581da2

      SHA256

      4963a3530382aae748ca76b5d113b828f7d402e0890a4e8e0fba6ea47c8ccc5e

      SHA512

      2699708384f2bd2adb797b72f82c311844b6e79a40309ca860d98d91a1a02d8abcf8c4d8d137f1291882ee6f70b10dbc691f841c53082db63df385ffeffb1844

      Download Submit

    • memory/1908-1331-0x000007FEF5A20000-0x000007FEF60F8000-memory.dmp

      Filesize

      6.8MB

      Download