Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    102s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/02/2025, 10:38 UTC

General

  • Target

    passwords_grabber.pyc

  • Size

    7KB

  • MD5

    cc180daa11732953527c69ac7bbea3b1

  • SHA1

    24ea916374f1fe5981219c1c330ba8f851571e9e

  • SHA256

    6a67c8b0591fef85f8436d152361796d4bf1fb3ddf46a5af873743cc16ece1fe

  • SHA512

    5e4e259999b3155ca5d9f55de691ced7c918acdab8b7c3ef7bca69903d6057a6c102a997b4b2af4a655026b3dd3ea8aed855306633392ab6a9171e70a34dbfbb

  • SSDEEP

    192:0tkwY6bLQ3hT8+NE102sGMleDkUhMbvEh:dwY6bLQ3RzHOMER

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\passwords_grabber.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2508
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\passwords_grabber.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2984
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\passwords_grabber.pyc"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:1044

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    8fbdbb88012aad140c418f6b217b464c

    SHA1

    316cc89bc4f0c0eef9376e90cf153327d495ac97

    SHA256

    fa1e48d6eabf385239ad0ada931f8fc94c4eab06383f40db1c1baf8c89527939

    SHA512

    eeb25d8d4e4d956707df9afd9520628e8f11b1d88941e14a9b731ba1ecd3255ccc1aedb87432c1a1ea2d4007bbbbe2643b68feb02d52134df8240bfb50d4298f