Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

Rogue-main...ET.dll

windows7-x64

1

Rogue-main...ET.dll

windows10-2004-x64

1

Rogue-main/build.dll

windows7-x64

1

Rogue-main/build.dll

windows10-2004-x64

1

Rogue-main...or.exe

windows7-x64

5

Rogue-main...or.exe

windows10-2004-x64

5

Rogue-main...ce.exe

windows7-x64

3

Rogue-main...ce.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    06/10/2023, 01:01 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Rogue-main/interface.exe

  • Size

    12KB

  • MD5

    bce9a6fe857f381be422d56894a5fb97

  • SHA1

    bfd810291fe67f4052f59d110f79dbb43e4e628d

  • SHA256

    8b59e3e7af2f61498eb617b1ad54b10b0c21c93db8f9d0263a3450188775a59e

  • SHA512

    ca0fa61b85a2cb63e7882529d4e3d5af671ec0d365e0a8e29182b04fda340c508fade16a8e0546049ce76e3477b0265edb3754d9d86a8d4482be60e0eb81634d

  • SSDEEP

    192:wlhtwcnffNU9vY3l7Lx3ifuN1C0x0h52wa//TW:wljw8ffNUcnxEY1C0Gh8ws/T

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Rogue-main\interface.exe
    "C:\Users\Admin\AppData\Local\Temp\Rogue-main\interface.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1900
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 1144
      2⤵
      • Program crash
      PID:2656

Network

  • flag-us
    DNS
    versioncompatibility.api.roblox.com
    interface.exe
    Remote address:
    8.8.8.8:53
    Request
    versioncompatibility.api.roblox.com
    IN A
    Response
    versioncompatibility.api.roblox.com
    IN CNAME
    titanium.roblox.com
    titanium.roblox.com
    IN CNAME
    us-central-default-px.roblox.com
    us-central-default-px.roblox.com
    IN A
    128.116.102.4
  • 128.116.102.4:443
    versioncompatibility.api.roblox.com
    tls
    interface.exe
    369 B
     179 B
     5
    4
  • 8.8.8.8:53
    versioncompatibility.api.roblox.com
    dns
    interface.exe
    81 B
     156 B
     1
    1

    DNS Request

    versioncompatibility.api.roblox.com

    DNS Response

    128.116.102.4

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1900-0-0x0000000001110000-0x000000000111A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1900-1-0x0000000074950000-0x000000007503E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1900-2-0x0000000001070000-0x00000000010B0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1900-3-0x0000000074950000-0x000000007503E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1900-4-0x0000000001070000-0x00000000010B0000-memory.dmp

    Filesize

    256KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.