Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
RobloxStudioInstaller.exe
-
Size
5.4MB
-
Sample
240805-vxmt4swgpe
-
MD5
4fa63f4ccb9b1fca93ab82e51c6d4750
-
SHA1
1f26018c15ed5e14140ed44c28cf52a7b892fc86
-
SHA256
685f8b14eb645f892a666cf61cf691d086fe0d3e344a245323f1fe75034869fb
-
SHA512
a25031fb2afe1baebe9b46266192574c6c73b7fcd8e3e2897873d97b3f6232c5228fa4f633b1df98b9410808d5afe1dd470cd8f3f6dbc0c52526311b769554ab
-
SSDEEP
98304:CLv+pDLARNKsA+779cNPdtUj5h4tgDueFVQzo+RT4pQP6/h/puvJAV:y+pDERNKuCRoIgDuel+RQQizGJO
Malware Config
Targets
-
-
Target
RobloxStudioInstaller.exe
-
Size
5.4MB
-
MD5
4fa63f4ccb9b1fca93ab82e51c6d4750
-
SHA1
1f26018c15ed5e14140ed44c28cf52a7b892fc86
-
SHA256
685f8b14eb645f892a666cf61cf691d086fe0d3e344a245323f1fe75034869fb
-
SHA512
a25031fb2afe1baebe9b46266192574c6c73b7fcd8e3e2897873d97b3f6232c5228fa4f633b1df98b9410808d5afe1dd470cd8f3f6dbc0c52526311b769554ab
-
SSDEEP
98304:CLv+pDLARNKsA+779cNPdtUj5h4tgDueFVQzo+RT4pQP6/h/puvJAV:y+pDERNKuCRoIgDuel+RQQizGJO
Score8/10-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Network Share Discovery
Attempt to gather information on host network.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1