Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

kiwi's rob...er.bat

windows10-2004-x64

1

kiwi's rob...UI.exe

windows10-2004-x64

1

kiwi's rob...PI.dll

windows10-2004-x64

1

kiwi's rob...ut.dll

windows10-2004-x64

1

kiwi's rob...UI.exe

windows10-2004-x64

1

kiwi's rob...PI.dll

windows10-2004-x64

1

kiwi's rob...ut.dll

windows10-2004-x64

1

kiwi's rob...or.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    151s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/06/2024, 14:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    kiwi's roblox shaders/dwmlutW11/DwmLutGUI.exe

  • Size

    49KB

  • MD5

    63f7f666bfa56cacba56fc0129a0acd8

  • SHA1

    8543846c7732b0c18a9683c0f1e325e73cfd1ef6

  • SHA256

    0cd2d1a215c1e9e8e58a4c9186df8c9cd7b270aec96b841816eaac67988855e8

  • SHA512

    061df5e4e13d2da6a5fc0fb4a70eb8fbb01c7d99213d3d2cacf1e80733a9d0cf6e483789b06f3d36fbbf1afda80b2e94f9b760767afb16246455fcf3d2c006de

  • SSDEEP

    768:S0jb/3L2WTtbFKChJ0i5zv3RdNrICIB31CxEH8kSiJVDDDDDRVDDDDDsStYcFwVY:vBTVFKCP3z3NrICIBlT8kSi0+wVcl

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\kiwi's roblox shaders\dwmlutW11\DwmLutGUI.exe
    "C:\Users\Admin\AppData\Local\Temp\kiwi's roblox shaders\dwmlutW11\DwmLutGUI.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:4856
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3556

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4856-0-0x00007FF9EA913000-0x00007FF9EA915000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4856-1-0x000001B1D5010000-0x000001B1D5022000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4856-2-0x00007FF9EA910000-0x00007FF9EB3D1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4856-3-0x00007FF9EA910000-0x00007FF9EB3D1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4856-4-0x000001B1D6EF0000-0x000001B1D6F06000-memory.dmp

      Filesize

      88KB

      Download

    • memory/4856-5-0x000001B1D6F10000-0x000001B1D6F18000-memory.dmp

      Filesize

      32KB

      Download

    • memory/4856-6-0x000001B1F06E0000-0x000001B1F0718000-memory.dmp

      Filesize

      224KB

      Download

    • memory/4856-7-0x000001B1D6F20000-0x000001B1D6F2E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/4856-8-0x00007FF9EA913000-0x00007FF9EA915000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4856-9-0x00007FF9EA910000-0x00007FF9EB3D1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4856-10-0x000001B1F3180000-0x000001B1F3188000-memory.dmp

      Filesize

      32KB

      Download

    • memory/4856-11-0x00007FF9EA910000-0x00007FF9EB3D1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4856-12-0x00007FF9EA910000-0x00007FF9EB3D1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4856-13-0x00007FF9EA910000-0x00007FF9EB3D1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4856-14-0x00007FF9EA910000-0x00007FF9EB3D1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4856-15-0x00007FF9EA910000-0x00007FF9EB3D1000-memory.dmp

      Filesize

      10.8MB

      Download