Resubmissions
29/04/2024, 16:53 - 240429-vd64msff34 (score: 8)

Analysis
max time kernel: 16s
max time network: 16s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 29/04/2024, 16:53
Static task: static1

Behavioral task: behavioral1
Sample: skibidi_copy_off_game.rbxl
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: skibidi_copy_off_game.rbxl
Resource: win10v2004-20240426-en
General
Target: skibidi_copy_off_game.rbxl
Size: 3.4MB
MD5: 6b3b0755a3061008bfe8894901f97956
SHA1: 1d6f9f911d5198195945734f0926b374d9bbc416
SHA256: 07025b2e0e775cdb2540ac7f4ba53d4697eae2bc3167274c10dd5258cd99371d
SHA512: 705e2aaa6d3677a104c0e0d3a9f5f2db355f252c74270da9e3692a1c7a1e555c3b9abcb27dc65c48911448318df3e53a15d557764c41149ae54ed97c39a2a162
SSDEEP: 49152:m6IOzVAz4eJYVxpTlTeUnKHavU+jQ+4HDeGChDAjSb0lc5LEb3:m6I4+9QlKGUOQ+4jGAjSb7I3
Malware Config
Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Modifies registry class (1 IoCs)
description: Key created
ioc: \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings
Process: rundll32.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid: 2584
Process: rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                        | pid  | Process | procid_target
PID 2860 wrote to memory of 2584   | 2860 | cmd.exe | 29
PID 2860 wrote to memory of 2584   | 2860 | cmd.exe | 29
PID 2860 wrote to memory of 2584   | 2860 | cmd.exe | 29
Processes

1. C:\Windows\system32\cmd.exe (PID 2860)
   Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\skibidi_copy_off_game.rbxl
   Signatures: Suspicious use of WriteProcessMemory

2. C:\Windows\system32\rundll32.exe (PID 2584, child of cmd.exe PID 2860)
   Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\skibidi_copy_off_game.rbxl
   Signatures: Modifies registry class; Suspicious behavior: GetForegroundWindowSpam