Analysis
-
max time kernel
211s -
max time network
203s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system -
submitted
19/06/2024, 21:54
Static task
static1
Behavioral task
behavioral1
Sample
Roblox Player.lnk
Resource
win7-20240611-en
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
Roblox Player.lnk
Resource
win10v2004-20240611-en
4 signatures
150 seconds
General
-
Target
Roblox Player.lnk
-
Size
1KB
-
MD5
715ad43bf375bf57511346f3dc7afbfc
-
SHA1
2889842b68f2d7d09ac883e7a27dda8573ae0b38
-
SHA256
465d22acc3ec8ea4220753450e15bd0f72bc9b217f0fb3d39d701a74c46a68f0
-
SHA512
781c543b775eeaba8d12322210827801ee365f07af67c3dd292a3cebb618db7034d0600be06b357097b172b3745017da1f4ee11b85d0f1fea6ffd2c9354258b7
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies data under HKEY_USERS 15 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "111" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | LogonUI.exe
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | LogonUI.exe
-
Suspicious behavior: LoadsDriver 64 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
2900 | LogonUI.exe