Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

05/08/2024, 17:22

240805-vxmt4swgpe 8

05/08/2024, 17:10

240805-vpztpswfma 8

05/08/2024, 17:06

240805-vmkl1asepq 8

General

  • Target

    RobloxStudioInstaller.exe

  • Size

    5.4MB

  • Sample

    240805-vxmt4swgpe

  • MD5

    4fa63f4ccb9b1fca93ab82e51c6d4750

  • SHA1

    1f26018c15ed5e14140ed44c28cf52a7b892fc86

  • SHA256

    685f8b14eb645f892a666cf61cf691d086fe0d3e344a245323f1fe75034869fb

  • SHA512

    a25031fb2afe1baebe9b46266192574c6c73b7fcd8e3e2897873d97b3f6232c5228fa4f633b1df98b9410808d5afe1dd470cd8f3f6dbc0c52526311b769554ab

  • SSDEEP

    98304:CLv+pDLARNKsA+779cNPdtUj5h4tgDueFVQzo+RT4pQP6/h/puvJAV:y+pDERNKuCRoIgDuel+RQQizGJO

Malware Config

Targets

    • Target

      RobloxStudioInstaller.exe

    • Size

      5.4MB

    • MD5

      4fa63f4ccb9b1fca93ab82e51c6d4750

    • SHA1

      1f26018c15ed5e14140ed44c28cf52a7b892fc86

    • SHA256

      685f8b14eb645f892a666cf61cf691d086fe0d3e344a245323f1fe75034869fb

    • SHA512

      a25031fb2afe1baebe9b46266192574c6c73b7fcd8e3e2897873d97b3f6232c5228fa4f633b1df98b9410808d5afe1dd470cd8f3f6dbc0c52526311b769554ab

    • SSDEEP

      98304:CLv+pDLARNKsA+779cNPdtUj5h4tgDueFVQzo+RT4pQP6/h/puvJAV:y+pDERNKuCRoIgDuel+RQQizGJO

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Network Share Discovery

      Attempt to gather information on host network.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks