Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/10/2023, 20:20

General

  • Target

    blender-3.6.5-windows-x64.msi

  • Size

    305.9MB

  • MD5

    be9f7b2e9ac1997d49f4846318975ab8

  • SHA1

    503297ce0eb13671c21cee697212ca46eeaf560d

  • SHA256

    8055ce256c68faa3ba7951790e0f7c1c760b7ce9f5f74cc1923264ded0921aed

  • SHA512

    eb59473149e26394d20c4dcc84ecf2753c78c19cc89ea982cf0ac9f189273bde8b8ea73ef6ed4c48f67b4bb6eb91121884cc90eaf5ec9687f56d5fe2d76fed87

  • SSDEEP

    6291456:HuG8NgvcHZ2wQAK7MSV6dzhsSese5a6DNWk1jDIiZr4G2T1jEFT/H:26c52wK4P17esTej0i14F14j

Score
6/10

Malware Config

Signatures

  • Blocklisted process makes network request 4 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 7 IoCs
  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 49 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\blender-3.6.5-windows-x64.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2848
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4560
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1428
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    PID:4348

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files\Blender Foundation\Blender 3.6\3.6\python\lib\site-packages\Cython\Debugger\Tests\__init__.py

    Filesize

    13B

    MD5

    a0fc9815dcb722928cff67ac202d6d37

    SHA1

    d607e803661e56dd23c2531de5182d809a725159

    SHA256

    8ceaad98f2c2bcc0aad3154cc067a4b8ba4199582ad31b4f16651e3f249d3a3b

    SHA512

    be672a5b7da4f52f6bf6211eed11cf5af38c2a4b0d5b2884994330c813e7410a1b0fc47bb6887d8ee76a8b6271e0e5215c4bdc99f4cbdad134583e560505eb5a

  • C:\Program Files\Blender Foundation\Blender 3.6\3.6\python\lib\site-packages\charset_normalizer-2.0.10-py3.10.egg-info\dependency_links.txt

    Filesize

    1B

    MD5

    68b329da9893e34099c7d8ad5cb9c940

    SHA1

    adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

    SHA256

    01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

    SHA512

    be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

  • C:\Program Files\Blender Foundation\Blender 3.6\3.6\python\lib\site-packages\pip-23.0.1.dist-info\top_level.txt

    Filesize

    4B

    MD5

    365c9bfeb7d89244f2ce01c1de44cb85

    SHA1

    d7a03141d5d6b1e88b6b59ef08b6681df212c599

    SHA256

    ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

    SHA512

    d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

  • C:\Program Files\Blender Foundation\Blender 3.6\3.6\python\lib\site-packages\pxr\UsdShade\__init__.py

    Filesize

    1KB

    MD5

    4f5185d273ba13319d3478620f79e08f

    SHA1

    e7728877d6a26dfd780e7e6ae637d52de0c16202

    SHA256

    2c1973a6a98d74572b1a6a38d4485c81908c5defd5782a66862346f067c6f0d5

    SHA512

    cea9948d9ec57d980e5f40a919660b0e13663b88c3990ff77e00e7b62d486fc88a31089e8bca2d058cc43e5cb9b851b2ddda87d7f30aecbcd9254a6fc09df0de

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4E2BAFF688C7994811CD78232818FD29

    Filesize

    1KB

    MD5

    a3b9ecdcebf8cbc10c0b874a07cf2c6b

    SHA1

    18b3207064c5181989057956849233451392abca

    SHA256

    98701146b95933e42fc43d094414a9954f46d14ff0d2f1ea96d44becca71b926

    SHA512

    4f046072b5ebd5d3fcf3cc816771cbdd1c9672c8dddff73a95097f1c8de33e9dc54c90baadb1fe3f9cc920605d9ca0abeb4fb748ea8b6e197b1c2c8de6d89870

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\949D2E01833511C6366A8B529939FE66_A640373CFD567F7FA24BE1FC82025C7E

    Filesize

    312B

    MD5

    4227a2d9f4915e7180f20cfde19fdac0

    SHA1

    35e589a0f7ffdc440178d9fe17b0dd60bf868a87

    SHA256

    f4a79d5d76d6d4f0101096e50ffa7c00fee3bce41bb98f9662795e61f3affef1

    SHA512

    e9c6e36e9c4c3ff57c7ae834babfd86dc836b796845de98e956a36458939c2a6558789ae9e215516555a6e189c8753d7c838dc743277a394ea1b82dc8cbcd4b7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4E2BAFF688C7994811CD78232818FD29

    Filesize

    306B

    MD5

    531be548de5ac1dd36ed752bd1a1ea3d

    SHA1

    221e4e8779bc1b2f6e790e2452191df8f3c6e402

    SHA256

    0a79922b94bba786cb24c151bdf68a22698521b70a05141cf337677d1e190b0d

    SHA512

    fc15c471d60e2106a105964e077d9bfa95b21bd6048aeec491da10edc9280fb205c5fef659475e65a121e941790c9d17d131a818755190e98b03a11af17b76a0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\949D2E01833511C6366A8B529939FE66_A640373CFD567F7FA24BE1FC82025C7E

    Filesize

    494B

    MD5

    118bab13ac013b2e78838c588f1b0bcc

    SHA1

    04d8889b2c785b9eeface137aaa8f7afb5a1d8cc

    SHA256

    9d6581324877a8184a762d6be3601ef1417285be2a209608387e6ab6dbf82f6e

    SHA512

    376fb396f7696a21d1d3ef4a60be1b0964fc7fc75eeb2512ed46dac445bc2371022a0fcc38d67bd14938818a9d58b94b1afa3e3406b443ba6a1be6cd37724297

  • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

    Filesize

    23.0MB

    MD5

    9ab5215a194277c20fbb7f22b75fb940

    SHA1

    1de693acd71f7b59db55645ec6e2daec12f3d71c

    SHA256

    20e8dd10cc64b27edb67654d191239ec3238657c649fdea7802acbd2254c6535

    SHA512

    0de448f2bc5a136f4205a17dceb935d7f387f15ccfaef73b6f9b70069927938c73ddd96aac0c125704b3a5c35917be8a2353a27295a0b3274ab5c6f8f9533a19

  • \??\Volume{88fae604-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{63a6679d-cbbe-4506-8e39-f4da89762f19}_OnDiskSnapshotProp

    Filesize

    5KB

    MD5

    6a27876d100b3150cfe80f1a43e7659d

    SHA1

    e6e2ea5eaf32009f53d16a79c65c827871dd0f5d

    SHA256

    7436e5dd76b5eff859345a176bc8cc8d3d27ec245c454b52469596027ef04cff

    SHA512

    7578e8c46117d05a58b173a8b1cd6315838607033c78cf133ce99a07791b9fb3f7ce22bac40312b15933f24dfe55063e5743a162b85ff0e129bbbc71e3d0069b