Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/05/2024, 04:28 UTC

General

  • Target

    TT ViewBot v2.0/Data/Lists.py

  • Size

    2KB

  • MD5

    58b844082767dd40b291276087b6323b

  • SHA1

    41748aed3409eeb4be7a8d53b98a81fcfff2323d

  • SHA256

    b21702251cf0e88c166088d4e08294b2b0c2f961da8056ac48c735243d554279

  • SHA512

    f50268442358d511424d649603ce701cda7bb885cdfe005c8fbcdbde2b47784102b7196438d664ef4c32b5c317ad9e9b8ec7f1ed741d3aef399f378149c61547

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

The chain below is the Open With fallback, not an execution of the sample: cmd.exe was asked to run a .py file, no handler is registered for that extension on this image, so Windows launched the Open With dialog (rundll32.exe shell32.dll,OpenAs_RunDLL), and the choice made there handed the file to Adobe Reader as a document. The script's contents were never interpreted; the signatures and the score describe AcroRd32.exe opening a file it cannot parse, not the behaviour of Lists.py.

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\TT ViewBot v2.0\Data\Lists.py"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1752
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\TT ViewBot v2.0\Data\Lists.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2736
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\TT ViewBot v2.0\Data\Lists.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2540
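
A small triage helper, added here as an example and not part of the tria.ge report or its tooling: it reads a process chain in the shape shown above (the three command lines from this page, plus a second chain constructed for contrast in which python.exe is installed), tells a real interpreter launch apart from the Open With fallback, and names the program the dialog handed the file to. The interpreter-per-extension table and the contrast chain are assumptions.

```python
"""Added triage helper: did the sandbox run a script sample, or only open it?

Example code, not part of the tria.ge report. The interpreter table and the
contrast chain are assumptions constructed for the demonstration.
"""
import re
from typing import Dict, List, Tuple

# Assumed: which executables mean the sample's own code really ran.
INTERPRETERS: Dict[str, set] = {
    ".py": {"python.exe", "pythonw.exe", "py.exe"},
    ".ps1": {"powershell.exe", "pwsh.exe"},
    ".js": {"wscript.exe", "cscript.exe", "node.exe"},
    ".vbs": {"wscript.exe", "cscript.exe"},
}

# The three command lines from the report above as (depth, command line);
# depth is the report's 1/2/3 tree marker.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\TT ViewBot v2.0\Data\Lists.py"
REPORT_CHAIN: List[Tuple[int, str]] = [
    (1, f'cmd /c "{SAMPLE}"'),
    (2, rf'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL {SAMPLE}'),
    (3, rf'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "{SAMPLE}"'),
]

# Constructed contrast: the same submission on an image where python.exe exists.
PYTHON_CHAIN: List[Tuple[int, str]] = [
    (1, f'cmd /c "{SAMPLE}"'),
    (2, rf'"C:\Python39\python.exe" "{SAMPLE}"'),
]

_IMAGE_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')


def image_name(cmdline: str) -> str:
    """Base name of the executable at the start of a Windows command line."""
    m = _IMAGE_RE.match(cmdline)
    if not m:
        return ""
    path = m.group(1) or m.group(2)
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def classify_chain(chain: List[Tuple[int, str]], target_ext: str) -> Dict[str, object]:
    """Decide whether the sample with extension target_ext was executed or merely opened."""
    target_ext = target_ext.lower()
    interpreters = INTERPRETERS.get(target_ext, set())
    result: Dict[str, object] = {
        "executed_by_interpreter": False,  # an interpreter received the sample
        "open_with_dialog": False,         # OpenAs_RunDLL appeared in the chain
        "handler": None,                   # program the dialog handed the file to
    }
    for i, (depth, cmdline) in enumerate(chain):
        image = image_name(cmdline)
        if image.lower() in interpreters and target_ext in cmdline.lower():
            result["executed_by_interpreter"] = True
        if image.lower() == "rundll32.exe" and "openas_rundll" in cmdline.lower():
            result["open_with_dialog"] = True
            # The chosen program is the dialog's direct child in the tree.
            for child_depth, child_cmd in chain[i + 1:]:
                if child_depth <= depth:
                    break
                if child_depth == depth + 1:
                    result["handler"] = image_name(child_cmd)
                    break
    return result


def verdict(result: Dict[str, object]) -> str:
    """One-line reading of a classify_chain result for the analyst."""
    if result["executed_by_interpreter"]:
        return "sample executed by its interpreter; behaviour is attributable to the sample"
    if result["open_with_dialog"]:
        handler = result["handler"] or "an unknown program"
        return (f"sample never executed: no handler registered, Open With dialog passed it to "
                f"{handler}; score reflects that program, not the sample")
    return "sample not executed by a known interpreter; inspect the chain manually"


if __name__ == "__main__":
    for name, chain in (("report chain", REPORT_CHAIN), ("contrast chain", PYTHON_CHAIN)):
        r = classify_chain(chain, ".py")
        print(f"{name}: {r} -> {verdict(r)}")
```

Run against the report chain the helper reports the Open With fallback with AcroRd32.exe as the handler; against the contrast chain it reports a genuine interpreter launch. Feeding it other extensions only requires extending the interpreter table.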

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    727198f267492a84251db1535e3bc047

    SHA1

    49df73be0644ecffe57b57f3f1058a3c8b0c3a31

    SHA256

    cd9c4657e0a2a82898f454da5a5938d97638a2d5b34da5ba90fa1b177fab9df1

    SHA512

    502a67c559590a80b735ac17194187d639ad93977c224d816ed93476ee9d52e530c6f09c9754e5e38214637af7154fa5fd9444cf435450bd53fd701afdc7ca04