Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Roblox_MU.exe

windows7-x64

7

Roblox_MU.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    23/11/2023, 14:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Roblox_MU.exe

  • Size

    15.4MB

  • MD5

    ca6786492583a7da62c55c8d84b43e7d

  • SHA1

    aca9692f61608c133ddab0e70bd256905c13fd75

  • SHA256

    0d6a6a819635f31e4b64ed326b9f75ad72ebd0dd769bc6ba1b12c11510edd396

  • SHA512

    1a8b5e25de55f8bdc046fbcc5096c81fd89ca46db46f50b66ba31fbaa69c960d91bf9ae6dff2749752fbb3e3cc95f7d0106e573542194cea6bb530d46b1a9086

  • SSDEEP

    393216:yWvz+XOVzOwKlICtL+9qzTfgD7fEUyIWaJOO0WCWLu:Tz+XOxO4A+9q/fq7fEbIMVWLu

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Roblox_MU.exe
    "C:\Users\Admin\AppData\Local\Temp\Roblox_MU.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1408
    • C:\Users\Admin\AppData\Local\Temp\Roblox_MU.exe
      "C:\Users\Admin\AppData\Local\Temp\Roblox_MU.exe"
      2⤵
      • Loads dropped DLL
      PID:2716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI14082\python312.dll
    Filesize

    1.7MB

    MD5

    552ef97cdbebf443304b7514bb50e950

    SHA1

    8d5f5286ee7d4d64ebefb99ea48a5d88ad2e38cc

    SHA256

    888b1eea6ffed7188cb3b82558267fc6fdd3930ea98c9f6801bcb728b02ed538

    SHA512

    c8f0e960831b0bb2bffd5f3d490086002b74499d863488e515d7b755e01e97bc967dce7b211f059ce6046dc6f8f694140456046ba2773903f4b32d7ab38fc325

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI14082\python312.dll
    Filesize

    1.7MB

    MD5

    552ef97cdbebf443304b7514bb50e950

    SHA1

    8d5f5286ee7d4d64ebefb99ea48a5d88ad2e38cc

    SHA256

    888b1eea6ffed7188cb3b82558267fc6fdd3930ea98c9f6801bcb728b02ed538

    SHA512

    c8f0e960831b0bb2bffd5f3d490086002b74499d863488e515d7b755e01e97bc967dce7b211f059ce6046dc6f8f694140456046ba2773903f4b32d7ab38fc325

    Download Submit

  • memory/2716-90-0x000007FEF5DC0000-0x000007FEF6490000-memory.dmp

    Filesize

    6.8MB

    Download