Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

Roblox Studio.lnk

windows7-x64

3

Roblox Studio.lnk

windows10-2004-x64

3

Resubmissions

16/07/2024, 08:48

240716-kqm67atgnr 3

16/07/2024, 08:45

240716-knq53axajf 3

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    16/07/2024, 08:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Roblox Studio.lnk

  • Size

    1KB

  • MD5

    856ef75929023c4d751a19ce5193f236

  • SHA1

    5944fce93656ea78c0e63e07640562895bc15e70

  • SHA256

    d594c212c13706e3d54f632394beb9e3516029345758f75b0e25a8b66f85f9fd

  • SHA512

    36c7b54770067beadd6b088ca3683b671d3fe086b2b2b3946d61f52d4ffb2477b25ff02c6bd5529c5c13c0d9a2dbb1e57b5021169008f463cab1e3b4bc164f6d

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Roblox Studio.lnk"
    1⤵
      PID:1988
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\SwitchStep.rar
      1⤵
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2744
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\SwitchStep.rar
        2⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2764
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SwitchStep.rar"
          3⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:3012

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3012-33-0x000007FEF66D0000-0x000007FEF6704000-memory.dmp

      Filesize

      208KB

      Download

    • memory/3012-32-0x000000013F2C0000-0x000000013F3B8000-memory.dmp

      Filesize

      992KB

      Download

    • memory/3012-35-0x000007FEF66B0000-0x000007FEF66C8000-memory.dmp

      Filesize

      96KB

      Download

    • memory/3012-36-0x000007FEF6250000-0x000007FEF6267000-memory.dmp

      Filesize

      92KB

      Download

    • memory/3012-34-0x000007FEF5210000-0x000007FEF54C6000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3012-37-0x000007FEF61C0000-0x000007FEF61D1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3012-38-0x000007FEF61A0000-0x000007FEF61B7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/3012-39-0x000007FEF50C0000-0x000007FEF50D1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3012-40-0x000007FEF50A0000-0x000007FEF50BD000-memory.dmp

      Filesize

      116KB

      Download

    • memory/3012-41-0x000007FEF5080000-0x000007FEF5091000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3012-43-0x000007FEF3DC0000-0x000007FEF3FCB000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/3012-53-0x000007FEF3C30000-0x000007FEF3C60000-memory.dmp

      Filesize

      192KB

      Download

    • memory/3012-42-0x000007FEF3FD0000-0x000007FEF5080000-memory.dmp

      Filesize

      16.7MB

      Download

    • memory/3012-56-0x000007FEF3B20000-0x000007FEF3B31000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3012-55-0x000007FEF3B40000-0x000007FEF3BBC000-memory.dmp

      Filesize

      496KB

      Download

    • memory/3012-54-0x000007FEF3BC0000-0x000007FEF3C27000-memory.dmp

      Filesize

      412KB

      Download

    • memory/3012-52-0x000007FEF3C60000-0x000007FEF3C78000-memory.dmp

      Filesize

      96KB

      Download

    • memory/3012-51-0x000007FEF3C80000-0x000007FEF3C91000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3012-57-0x000007FEF3AC0000-0x000007FEF3B17000-memory.dmp

      Filesize

      348KB

      Download

    • memory/3012-58-0x000007FEF3A90000-0x000007FEF3AB8000-memory.dmp

      Filesize

      160KB

      Download

    • memory/3012-50-0x000007FEF3CA0000-0x000007FEF3CBB000-memory.dmp

      Filesize

      108KB

      Download

    • memory/3012-59-0x000007FEF3A60000-0x000007FEF3A84000-memory.dmp

      Filesize

      144KB

      Download

    • memory/3012-60-0x000007FEF3A40000-0x000007FEF3A58000-memory.dmp

      Filesize

      96KB

      Download

    • memory/3012-49-0x000007FEF3CC0000-0x000007FEF3CD1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3012-61-0x000007FEF3A10000-0x000007FEF3A33000-memory.dmp

      Filesize

      140KB

      Download

    • memory/3012-48-0x000007FEF3CE0000-0x000007FEF3CF1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3012-62-0x000007FEF39F0000-0x000007FEF3A01000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3012-63-0x000007FEF39D0000-0x000007FEF39E2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/3012-47-0x000007FEF3D00000-0x000007FEF3D11000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3012-64-0x000007FEF2D90000-0x000007FEF2DA1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3012-46-0x000007FEF3D20000-0x000007FEF3D38000-memory.dmp

      Filesize

      96KB

      Download

    • memory/3012-65-0x000007FEF2C80000-0x000007FEF2C91000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3012-45-0x000007FEF3D40000-0x000007FEF3D61000-memory.dmp

      Filesize

      132KB

      Download

    • memory/3012-44-0x000007FEF3D70000-0x000007FEF3DB1000-memory.dmp

      Filesize

      260KB

      Download

    • memory/3012-73-0x000000013F2C0000-0x000000013F3B8000-memory.dmp

      Filesize

      992KB

      Download

    • memory/3012-75-0x000007FEF5210000-0x000007FEF54C6000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3012-74-0x000007FEF66D0000-0x000007FEF6704000-memory.dmp

      Filesize

      208KB

      Download

    • memory/3012-76-0x000007FEF3FD0000-0x000007FEF5080000-memory.dmp

      Filesize

      16.7MB

      Download