
Analysis

  • max time kernel
    15s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/05/2024, 18:08 UTC

General

  • Target

    rbxfpsunlocker.exe

  • Size

    605KB

  • MD5

    09d083f0e2c1e8a3561209902333ad8f

  • SHA1

    d9692d3aba34a39aeb9e53cb3d25562b94e2e597

  • SHA256

    83dfcb08ea4aa1b857d952a8a177db775d1a7e9cfc30b528848a4a29c8dbf0b9

  • SHA512

    c71371263cacc4872a4bf621614940f08c9436062683be5de921ae6e509079e25ea380623e8945d40858819a664bd76590defb2a89949e8e5666190f1024ca6b

  • SSDEEP

    12288:IKOjJsDc2+WC+D+4H/xeGofENaTSuGCC709:IKyacgDD+4fwG1NaTSw

Score
1/10

Malware Config

Signatures

  • Modifies system certificate store 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
    "C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3036

Network

  • flag-us
    DNS
    api.github.com
    rbxfpsunlocker.exe
    Remote address:
    8.8.8.8:53
    Request
    api.github.com
    IN A
    Response
    api.github.com
    IN A
    20.26.156.210
  • flag-gb
    GET
    https://api.github.com/repos/axstin/rbxfpsunlocker/releases/latest
    rbxfpsunlocker.exe
    Remote address:
    20.26.156.210:443
    Request
    GET /repos/axstin/rbxfpsunlocker/releases/latest HTTP/1.1
    User-Agent: axstin/rbxfpsunlocker
    Host: api.github.com
    Response
    HTTP/1.1 200 OK
    Server: GitHub.com
    Date: Sat, 04 May 2024 18:09:02 GMT
    Cache-Control: public, max-age=60, s-maxage=60
    Vary: Accept, Accept-Encoding, Accept, X-Requested-With
    Last-Modified: Fri, 10 Nov 2023 23:01:19 GMT
    x-github-api-version-selected: 2022-11-28
    Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
    Access-Control-Allow-Origin: *
    Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
    X-Frame-Options: deny
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 0
    Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
    Content-Security-Policy: default-src 'none'
    Content-Type: application/json; charset=utf-8
    X-GitHub-Media-Type: github.v3; format=json
    ETag: W/"a2228080cb24352116a3b910149f6b2c7c987a31da2ca9872963ca5d7e6466e1"
    X-RateLimit-Limit: 60
    X-RateLimit-Remaining: 51
    X-RateLimit-Reset: 1714846499
    X-RateLimit-Resource: core
    X-RateLimit-Used: 9
    Accept-Ranges: bytes
    Content-Length: 4078
    X-GitHub-Request-Id: E9CE:66E58:AE0EF3:B39D09:663679BD
  • 20.26.156.210:443
    https://api.github.com/repos/axstin/rbxfpsunlocker/releases/latest
    tls, http
    rbxfpsunlocker.exe
    892 B
    9.4kB
    10
    11

    HTTP Request

    GET https://api.github.com/repos/axstin/rbxfpsunlocker/releases/latest

    HTTP Response

    200
  • 8.8.8.8:53
    api.github.com
    dns
    rbxfpsunlocker.exe
    60 B
    76 B
    1
    1

    DNS Request

    api.github.com

    DNS Response

    20.26.156.210

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar798A.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
