Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

TT ViewBot Tool.rar

windows7-x64

10

TT ViewBot Tool.rar

windows10-2004-x64

3

TT ViewBot...ignore

windows7-x64

3

TT ViewBot...ignore

windows10-2004-x64

3

TT ViewBot...sts.py

windows7-x64

3

TT ViewBot...sts.py

windows10-2004-x64

3

TT ViewBot...es.txt

windows7-x64

1

TT ViewBot...es.txt

windows10-2004-x64

1

TT ViewBot...xie.py

windows7-x64

3

TT ViewBot...xie.py

windows10-2004-x64

3

TT ViewBot...ent.py

windows7-x64

3

TT ViewBot...ent.py

windows10-2004-x64

3

TT ViewBot...ICENSE

windows7-x64

1

TT ViewBot...ICENSE

windows10-2004-x64

1

TT ViewBot...DME.md

windows7-x64

3

TT ViewBot...DME.md

windows10-2004-x64

3

TT ViewBot...rt.exe

windows7-x64

10

TT ViewBot...rt.exe

windows10-2004-x64

10

TT ViewBot...tup.py

windows7-x64

3

TT ViewBot...tup.py

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    07/05/2024, 04:28 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TT ViewBot v2.0/setup.py

  • Size

    941B

  • MD5

    eda4ba41910e22351b9181d552cf3b1c

  • SHA1

    bf2fa5977b13b6ae80a4a1915d8025f75eca16fd

  • SHA256

    1291ef03e04110780a294bb9608358901fb86ea235840fbd49ffe7beeb6c4da4

  • SHA512

    1f6bcfd592c408acc45ec680ca78d01f15ed5ff3a7aaa632410923f4b661de671d9a5db6dd14b1695dcad37979b053df2d9d3067be8d5a51687bc583fda89ed2

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\TT ViewBot v2.0\setup.py"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3040
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\TT ViewBot v2.0\setup.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2256
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\TT ViewBot v2.0\setup.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2636

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    0dac6cb10271c4571f104597bd8ad1fe

    SHA1

    3b0166b30d5e86a202ef98e53bd6d0f34a4eddf5

    SHA256

    6f71d59ccb957b9e0d46fc4c7eedc71fb19eb4967a4befb21f3e7da918bbe7c0

    SHA512

    e081574ac02d1ba368e2ac43fb0ad3c7f4768bb8efd3d56a4d5421786d4e5727f10bf4ee9eb69531ea7c124eba25def930e9d0fd0a16a1ea9dfbc445b01d7bb1

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.