Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
8Static
static
8Blank-Grab...er.bat
windows7-x64
7Blank-Grab...er.bat
windows10-2004-x64
1Blank-Grab...OBF.py
windows7-x64
3Blank-Grab...OBF.py
windows10-2004-x64
3Blank-Grab...10.pyc
windows7-x64
3Blank-Grab...10.pyc
windows10-2004-x64
3Blank-Grab...10.pyc
windows7-x64
3Blank-Grab...10.pyc
windows10-2004-x64
3Blank-Grab...10.pyc
windows7-x64
3Blank-Grab...10.pyc
windows10-2004-x64
3Blank-Grab...der.py
windows7-x64
3Blank-Grab...der.py
windows10-2004-x64
3Blank-Grab...ess.py
windows7-x64
3Blank-Grab...ess.py
windows10-2004-x64
3Blank-Grab...ess.py
windows7-x64
3Blank-Grab...ess.py
windows10-2004-x64
3Blank-Grab...ar.exe
windows7-x64
3Blank-Grab...ar.exe
windows10-2004-x64
3Blank-Grab...un.bat
windows7-x64
1Blank-Grab...un.bat
windows10-2004-x64
1Blank-Grab...ief.py
ubuntu-18.04-amd64
1Blank-Grab...ief.py
debian-9-armhf
1Blank-Grab...ief.py
debian-9-mips
1Blank-Grab...ief.py
debian-9-mipsel
1Blank-Grab...tub.py
windows7-x64
3Blank-Grab...tub.py
windows10-2004-x64
3Blank-Grab...px.exe
windows7-x64
7Blank-Grab...px.exe
windows10-2004-x64
7Blank-Grab...tes.py
windows7-x64
3Blank-Grab...tes.py
windows10-2004-x64
3Blank-Grab...gui.py
windows7-x64
3Blank-Grab...gui.py
windows10-2004-x64
3Resubmissions
13/07/2024, 23:11
240713-26p46asgld 813/07/2024, 20:33
240713-zb9h7swdpk 811/07/2024, 21:44
240711-1lnj6axfpd 811/07/2024, 21:32
240711-1d16aaxcrf 811/07/2024, 21:29
240711-1b5qpaxcke 811/07/2024, 21:25
240711-z9kmqsvcnm 811/07/2024, 21:22
240711-z7xvaavbrp 811/07/2024, 21:20
240711-z6q1cavbmj 811/07/2024, 21:16
240711-z4v7aawhrd 8Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
11/07/2024, 21:25
Behavioral task
behavioral1
Sample
Blank-Grabber-main/Blank Grabber/Builder.bat
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
Blank-Grabber-main/Blank Grabber/Builder.bat
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
Blank-Grabber-main/Blank Grabber/Components/BlankOBF.py
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
Blank-Grabber-main/Blank Grabber/Components/BlankOBF.py
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
Blank-Grabber-main/Blank Grabber/Components/__pycache__/BlankOBF.cpython-310.pyc
Resource
win7-20240705-en
Behavioral task
behavioral6
Sample
Blank-Grabber-main/Blank Grabber/Components/__pycache__/BlankOBF.cpython-310.pyc
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
Blank-Grabber-main/Blank Grabber/Components/__pycache__/process.cpython-310.pyc
Resource
win7-20240705-en
Behavioral task
behavioral8
Sample
Blank-Grabber-main/Blank Grabber/Components/__pycache__/process.cpython-310.pyc
Resource
win10v2004-20240709-en
Behavioral task
behavioral9
Sample
Blank-Grabber-main/Blank Grabber/Components/__pycache__/sigthief.cpython-310.pyc
Resource
win7-20240705-en
Behavioral task
behavioral10
Sample
Blank-Grabber-main/Blank Grabber/Components/__pycache__/sigthief.cpython-310.pyc
Resource
win10v2004-20240709-en
Behavioral task
behavioral11
Sample
Blank-Grabber-main/Blank Grabber/Components/loader.py
Resource
win7-20240704-en
Behavioral task
behavioral12
Sample
Blank-Grabber-main/Blank Grabber/Components/loader.py
Resource
win10v2004-20240709-en
Behavioral task
behavioral13
Sample
Blank-Grabber-main/Blank Grabber/Components/postprocess.py
Resource
win7-20240705-en
Behavioral task
behavioral14
Sample
Blank-Grabber-main/Blank Grabber/Components/postprocess.py
Resource
win10v2004-20240709-en
Behavioral task
behavioral15
Sample
Blank-Grabber-main/Blank Grabber/Components/process.py
Resource
win7-20240708-en
Behavioral task
behavioral16
Sample
Blank-Grabber-main/Blank Grabber/Components/process.py
Resource
win10v2004-20240709-en
Behavioral task
behavioral17
Sample
Blank-Grabber-main/Blank Grabber/Components/rar.exe
Resource
win7-20240704-en
Behavioral task
behavioral18
Sample
Blank-Grabber-main/Blank Grabber/Components/rar.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral19
Sample
Blank-Grabber-main/Blank Grabber/Components/run.bat
Resource
win7-20240704-en
Behavioral task
behavioral20
Sample
Blank-Grabber-main/Blank Grabber/Components/run.bat
Resource
win10v2004-20240709-en
Behavioral task
behavioral21
Sample
Blank-Grabber-main/Blank Grabber/Components/sigthief.py
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral22
Sample
Blank-Grabber-main/Blank Grabber/Components/sigthief.py
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral23
Sample
Blank-Grabber-main/Blank Grabber/Components/sigthief.py
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral24
Sample
Blank-Grabber-main/Blank Grabber/Components/sigthief.py
Resource
debian9-mipsel-20240418-en
Behavioral task
behavioral25
Sample
Blank-Grabber-main/Blank Grabber/Components/stub.py
Resource
win7-20240705-en
Behavioral task
behavioral26
Sample
Blank-Grabber-main/Blank Grabber/Components/stub.py
Resource
win10v2004-20240709-en
Behavioral task
behavioral27
Sample
Blank-Grabber-main/Blank Grabber/Components/upx.exe
Resource
win7-20240708-en
Behavioral task
behavioral28
Sample
Blank-Grabber-main/Blank Grabber/Components/upx.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral29
Sample
Blank-Grabber-main/Blank Grabber/Extras/unblock_sites.py
Resource
win7-20240708-en
Behavioral task
behavioral30
Sample
Blank-Grabber-main/Blank Grabber/Extras/unblock_sites.py
Resource
win10v2004-20240709-en
Behavioral task
behavioral31
Sample
Blank-Grabber-main/Blank Grabber/gui.py
Resource
win7-20240708-en
Behavioral task
behavioral32
Sample
Blank-Grabber-main/Blank Grabber/gui.py
Resource
win10v2004-20240709-en
General
-
Target
Blank-Grabber-main/Blank Grabber/Components/loader.py
-
Size
634B
-
MD5
ca35548638710a32f6d4bc1a61a103c5
-
SHA1
2703967c4376cc2e0ca20191eff97b85989d8310
-
SHA256
e7dbfe873c719006f28e6526ef54215d7b7598bce5566734c552dab9f1f487e6
-
SHA512
d1c0839326662b240dfa4bcea7284d261be46e9bb8b03f073e0328e361321f9cdfa740abd4541b2cdc21c806bcd901d3bc3cc36b9f7e0ee6191d189df0533061
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\py_auto_file\ rundll32.exe Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\.py rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\.py\ = "py_auto_file" rundll32.exe Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\py_auto_file\shell\Read rundll32.exe Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_Classes\Local Settings rundll32.exe Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\py_auto_file\shell rundll32.exe Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\py_auto_file\shell\Read\command rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\py_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" rundll32.exe Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\py_auto_file rundll32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1552 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1552 AcroRd32.exe 1552 AcroRd32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2152 wrote to memory of 1908 2152 cmd.exe 29 PID 2152 wrote to memory of 1908 2152 cmd.exe 29 PID 2152 wrote to memory of 1908 2152 cmd.exe 29 PID 1908 wrote to memory of 1552 1908 rundll32.exe 32 PID 1908 wrote to memory of 1552 1908 rundll32.exe 32 PID 1908 wrote to memory of 1552 1908 rundll32.exe 32 PID 1908 wrote to memory of 1552 1908 rundll32.exe 32
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\Components\loader.py"1⤵
- Suspicious use of WriteProcessMemory
PID:2152 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\Components\loader.py2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1908 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\Components\loader.py"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1552
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5f183831fe032bf2c832d2153abea2c98
SHA172d741fde9a41c4c9303464cb63b1cf7387b55e0
SHA25618368777303f5b6754d0d88ba8a692db29ff8ea827645903df19111b94df91ba
SHA512eaa20c19e5a15aa1e9c85c06f89239dcf695a3a2ba07004b6f903188253423d8cd772e31663ef2c3c2e04e88f63a86f419abc30a8a5912062d9ddac6bdea214c