Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

TT ViewBot Tool.rar

windows7-x64

10

TT ViewBot Tool.rar

windows10-2004-x64

3

TT ViewBot...ignore

windows7-x64

3

TT ViewBot...ignore

windows10-2004-x64

3

TT ViewBot...sts.py

windows7-x64

3

TT ViewBot...sts.py

windows10-2004-x64

3

TT ViewBot...es.txt

windows7-x64

1

TT ViewBot...es.txt

windows10-2004-x64

1

TT ViewBot...xie.py

windows7-x64

3

TT ViewBot...xie.py

windows10-2004-x64

3

TT ViewBot...ent.py

windows7-x64

3

TT ViewBot...ent.py

windows10-2004-x64

3

TT ViewBot...ICENSE

windows7-x64

1

TT ViewBot...ICENSE

windows10-2004-x64

1

TT ViewBot...DME.md

windows7-x64

3

TT ViewBot...DME.md

windows10-2004-x64

3

TT ViewBot...rt.exe

windows7-x64

10

TT ViewBot...rt.exe

windows10-2004-x64

10

TT ViewBot...tup.py

windows7-x64

3

TT ViewBot...tup.py

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    07/05/2024, 04:28 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TT ViewBot v2.0/.gitignore

  • Size

    2KB

  • MD5

    da211c7c93bf4e8861af1dc2616c9548

  • SHA1

    eb7d1ec41dbdbf2a89c4c62000b0f6b8313d8c15

  • SHA256

    fcc9443ae95fc4cfd56aed31937d8060e03212a92707615fed5ee59e0b38def6

  • SHA512

    75c7e19808d263a91d226722d36f5c93cfa02607557977abe10e6c79714e012c98182fabb048e630ec647c937246a29deb5a888419cc00cb4b195c378918b7de

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\TT ViewBot v2.0\.gitignore"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2176
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\TT ViewBot v2.0\.gitignore
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2536
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\TT ViewBot v2.0\.gitignore"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2584

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    61ed837117b4e9d837fdcca9a0954a21

    SHA1

    bbe407eb5b738e70e48c21906a1121c8e4c499d3

    SHA256

    509b730f4d46647bd17d4903fcfc307ab07e43d6a274ad8151ab785f27639b68

    SHA512

    d7b033930a46b2dbf096f2e3138b2efea67bd58bc0db94f097cf4a6fdfb647668bb8bd1a99c63c7772e97d6583d03ad8b5dfaf8e2ffb61e2d91f55f317039e6f

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.