Analysis
- max time kernel: 33s
- max time network: 41s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 29/11/2022, 13:43
Static task
- static1

Behavioral task
- behavioral1: Sample ROBLOX_MULTI_x64.exe, Resource win7-20220901-en, 6 signatures, 150 seconds

Behavioral task
- behavioral2: Sample ROBLOX_MULTI_x64.exe, Resource win10v2004-20221111-en, 0 signatures, 150 seconds
General
- Target: ROBLOX_MULTI_x64.exe
- Size: 11KB
- MD5: 4261af7c34b48c77817f52033fb0539f
- SHA1: e1e79a7e69cdb35e758591ea98d63c583b2eea26
- SHA256: 7115a0adc6ee5d127e9ede11b89d253bb6350342bca69eb1845a05ec977a1629
- SHA512: 876c30f9ccf654aabd70d947b75e80e120ffc5460aafb3d4ebc0bc52253f3ae9f6551d89db42ef0ee37d026ec764328212c280d649c14c90630e78c68817bfa4
- SSDEEP: 192:AvAdKg7Z5wAe6vpKpyVMmE8lZuuPe3Q5tmUKSJ:0CKg7Delpygvu23DS
- Score: 1/10
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe

- Suspicious behavior: EnumeratesProcesses (3 IoCs)
  pid | Process
  568 | chrome.exe
  112 | chrome.exe
  112 | chrome.exe

- Suspicious use of AdjustPrivilegeToken (4 IoCs)
  description | pid | Process
  Token: 33 | 1540 | AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege | 1540 | AUDIODG.EXE
  Token: 33 | 1540 | AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege | 1540 | AUDIODG.EXE

- Suspicious use of FindShellTrayWindow (34 IoCs)
  pid | Process
  112 | chrome.exe (all 34 entries are identical)

- Suspicious use of SendNotifyMessage (32 IoCs)
  pid | Process
  112 | chrome.exe (all 32 entries are identical)

- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 112 wrote to memory of 1148 | 112 | chrome.exe | 29 (3 entries)
  PID 112 wrote to memory of 1152 | 112 | chrome.exe | 30 (repeated entries)
  PID 112 wrote to memory of 568 | 112 | chrome.exe | 31 (3 entries)
  PID 112 wrote to memory of 2024 | 112 | chrome.exe | 32 (repeated entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\ROBLOX_MULTI_x64.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ROBLOX_MULTI_x64.exe"
  PID: 2040

- C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  PID: 112

  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefaa24f50,0x7fefaa24f60,0x7fefaa24f70
    PID: 1148

  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=792,5428394961831151571,12361994951734367471,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1128 /prefetch:2
    PID: 1152

  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=792,5428394961831151571,12361994951734367471,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1264 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
    PID: 568

  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=792,5428394961831151571,12361994951734367471,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1660 /prefetch:8
    PID: 2024

  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=792,5428394961831151571,12361994951734367471,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2020 /prefetch:1
    PID: 1972

  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=792,5428394961831151571,12361994951734367471,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:1
    PID: 1984

  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=792,5428394961831151571,12361994951734367471,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
    PID: 1396

  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=792,5428394961831151571,12361994951734367471,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3288 /prefetch:2
    PID: 2100

  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=792,5428394961831151571,12361994951734367471,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
    PID: 2144

  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=792,5428394961831151571,12361994951734367471,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3516 /prefetch:8
    PID: 2212

  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=792,5428394961831151571,12361994951734367471,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3620 /prefetch:8
    PID: 2220

- C:\Windows\explorer.exe
  Command line: "C:\Windows\explorer.exe"
  PID: 1044

- C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x454
  Signatures: Suspicious use of AdjustPrivilegeToken
  PID: 1540