Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

discord-im...er.bat

windows7-x64

10

discord-im...er.bat

windows10-2004-x64

10

discord-im...bug.py

windows7-x64

3

discord-im...bug.py

windows10-2004-x64

3

discord-im...ers.py

windows7-x64

3

discord-im...ers.py

windows10-2004-x64

3

discord-im...ken.py

windows7-x64

3

discord-im...ken.py

windows10-2004-x64

3

discord-im...ion.py

windows7-x64

3

discord-im...ion.py

windows10-2004-x64

3

discord-im...tup.py

windows7-x64

3

discord-im...tup.py

windows10-2004-x64

3

discord-im...nfo.py

windows7-x64

3

discord-im...nfo.py

windows10-2004-x64

3

discord-im...fig.py

windows7-x64

3

discord-im...fig.py

windows10-2004-x64

3

discord-im...ain.py

windows7-x64

3

discord-im...ain.py

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    19/03/2025, 22:07 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    discord-image-logger-main/src/components/systeminfo.py

  • Size

    6KB

  • MD5

    2737cd3bd851c13c1c5c651e045e75d7

  • SHA1

    828797243a9051d1461abebb90e162bd192f2c8a

  • SHA256

    6689a267860ff5972229c33934af6356b4828b05ae214d2024f62bd113916a4a

  • SHA512

    01d7b0e9c77585e08516c2443797f77c45db861a23f38fccad80036fe3f3ba270add2946317ef5405c608c2f8628910cf38c511cc8d7e94987730e3fe8f71e10

  • SSDEEP

    96:o62a5Q8kjqXmBHyCOMLdpvlGa4sVV2iHxhwqf+zadcTP9eTnSIf:PQRy4Tka/T2UIzaaL9erj

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\discord-image-logger-main\src\components\systeminfo.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\discord-image-logger-main\src\components\systeminfo.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2468
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\discord-image-logger-main\src\components\systeminfo.py"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2860

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    5034cb0cb9d6c1da4163187174b5b174

    SHA1

    1ae3e11edd7f9eec66c7070d098a2b1a056d374b

    SHA256

    a0cb34961561771945143b805f90b0a2d563c9a9031c25d13d2aee0e84604748

    SHA512

    841433a12adc6f035773478ae508f13ce312e2e61222344a6a38b2ad368dd50eed991f98ce94ee73d855110c845c1ebd69ce3bf87d6deb6ee8d48ba3c3eaf51a

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.