Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

BLTools 2.9.1 Pro.rar

windows7-x64

3

BLTools 2.9.1 Pro.rar

windows10-2004-x64

3

BLTools 2.9.1 Pro.exe

windows7-x64

8

BLTools 2.9.1 Pro.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    62s
  • max time network
    63s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/07/2024, 00:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BLTools 2.9.1 Pro.exe

  • Size

    6.4MB

  • MD5

    d3b80d2e6480771f7e418d35fdee5ef3

  • SHA1

    7d9f1c09aebbf199d913b911073c99792b315f26

  • SHA256

    b1906ad0d515c2e29b7bf0cc47ea25cf0c63c6be5f828f5b73943f5e6915063e

  • SHA512

    01e1bcddcd0efefcf31a65809be5d8ccb679870829cf08a4c8b4aa8db298b9b002ff8971b13321c9eb64b6a41dd70d5ca13e5a886395a2883013f939736dd91a

  • SSDEEP

    196608:chJoo8pE2SNowmev8lJKjieK7adi6tC2w5hz:SeHSWe0lJP7wH5it

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 32 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BLTools 2.9.1 Pro.exe
    "C:\Users\Admin\AppData\Local\Temp\BLTools 2.9.1 Pro.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4764
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:232
    • C:\Users\Admin\AppData\Local\Temp\BLTools 2.9.1 Pro.exe
      "C:\Users\Admin\AppData\Local\Temp\BLTools 2.9.1 Pro.exe"
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1316

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1316-8-0x0000000140000000-0x00000001401DD000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1316-9-0x0000000140000000-0x00000001401DD000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1316-12-0x0000000140000000-0x00000001401DD000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/4764-0-0x0000000140000000-0x00000001401DD000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/4764-2-0x00007FF94350D000-0x00007FF94350E000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4764-3-0x00007FF943470000-0x00007FF943665000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4764-7-0x0000000140000000-0x00000001401DD000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/4764-6-0x00007FF943470000-0x00007FF943665000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4764-4-0x0000000140000000-0x00000001401DD000-memory.dmp

      Filesize

      1.9MB

      Download