Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
3Static
static
1advanced-m...ls.rar
windows7-x64
3advanced-m...ls.rar
windows10-2004-x64
3advanced-m...ain.py
windows7-x64
3advanced-m...ain.py
windows10-2004-x64
3advanced-m...ler.py
windows7-x64
3advanced-m...ler.py
windows10-2004-x64
3advanced-m...ber.py
windows7-x64
3advanced-m...ber.py
windows10-2004-x64
3advanced-m...mer.py
windows7-x64
3advanced-m...mer.py
windows10-2004-x64
3advanced-m...kup.py
windows7-x64
3advanced-m...kup.py
windows10-2004-x64
3advanced-m...nfo.py
windows7-x64
3advanced-m...nfo.py
windows10-2004-x64
3advanced-m...aid.py
windows7-x64
3advanced-m...aid.py
windows10-2004-x64
3advanced-m...nfo.py
windows7-x64
3advanced-m...nfo.py
windows10-2004-x64
3advanced-m...mer.py
windows7-x64
3advanced-m...mer.py
windows10-2004-x64
3advanced-m...12.pyc
windows7-x64
3advanced-m...12.pyc
windows10-2004-x64
3advanced-m...12.pyc
windows7-x64
3advanced-m...12.pyc
windows10-2004-x64
advanced-m...kup.py
windows7-x64
3advanced-m...kup.py
windows10-2004-x64
3advanced-m...sdm.py
windows7-x64
3advanced-m...sdm.py
windows10-2004-x64
3advanced-m...ger.py
windows7-x64
3advanced-m...ger.py
windows10-2004-x64
3advanced-m...ts.txt
windows7-x64
1advanced-m...ts.txt
windows10-2004-x64
1Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
09/08/2024, 19:51
Static task
static1
Behavioral task
behavioral1
Sample
advanced-multitools.rar
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
advanced-multitools.rar
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
advanced-multitools/main.py
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
advanced-multitools/main.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
advanced-multitools/plugins/Account-disabler.py
Resource
win7-20240705-en
Behavioral task
behavioral6
Sample
advanced-multitools/plugins/Account-disabler.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
advanced-multitools/plugins/Anti-grabber.py
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
advanced-multitools/plugins/Anti-grabber.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
advanced-multitools/plugins/Group-spammer.py
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
advanced-multitools/plugins/Group-spammer.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
advanced-multitools/plugins/Serveurlookup.py
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
advanced-multitools/plugins/Serveurlookup.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
advanced-multitools/plugins/Tokeninfo.py
Resource
win7-20240708-en
Behavioral task
behavioral14
Sample
advanced-multitools/plugins/Tokeninfo.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
advanced-multitools/plugins/Tokenraid.py
Resource
win7-20240708-en
Behavioral task
behavioral16
Sample
advanced-multitools/plugins/Tokenraid.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
advanced-multitools/plugins/Webhook-info.py
Resource
win7-20240704-en
Behavioral task
behavioral18
Sample
advanced-multitools/plugins/Webhook-info.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
advanced-multitools/plugins/Webhook-spammer.py
Resource
win7-20240705-en
Behavioral task
behavioral20
Sample
advanced-multitools/plugins/Webhook-spammer.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
advanced-multitools/plugins/__pycache__/numbers.cpython-312.pyc
Resource
win7-20240704-en
Behavioral task
behavioral22
Sample
advanced-multitools/plugins/__pycache__/numbers.cpython-312.pyc
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
advanced-multitools/plugins/__pycache__/phonenumbers.cpython-312.pyc
Resource
win7-20240708-en
Behavioral task
behavioral24
Sample
advanced-multitools/plugins/__pycache__/phonenumbers.cpython-312.pyc
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
advanced-multitools/plugins/lookup.py
Resource
win7-20240704-en
Behavioral task
behavioral26
Sample
advanced-multitools/plugins/lookup.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
advanced-multitools/plugins/massdm.py
Resource
win7-20240708-en
Behavioral task
behavioral28
Sample
advanced-multitools/plugins/massdm.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
advanced-multitools/plugins/pinger.py
Resource
win7-20240729-en
Behavioral task
behavioral30
Sample
advanced-multitools/plugins/pinger.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
advanced-multitools/requirements.txt
Resource
win7-20240704-en
Behavioral task
behavioral32
Sample
advanced-multitools/requirements.txt
Resource
win10v2004-20240802-en
General
-
Target
advanced-multitools.rar
-
Size
23KB
-
MD5
d83832642b369013ac159d73197e31cd
-
SHA1
18383e046170a16217e464fbf340474413518da2
-
SHA256
f012dd76bed797a524a762645867d40b8812bac92049cf27c61a6910fed92d01
-
SHA512
81059f6bbfe241e0c26af95d51915b7685423508610715b69b1130078a9a58f674e70599d90e695a5f18fc2b02d846cb583949742e3b9a1e2fd6c83407436bfc
-
SSDEEP
384:oN09KnTAwwnWy1pkY9tnFGgOpxMZJebYSTUjROT2WV5sLR1ywKRH7YN7ItQYbGXl:U09x9WybtnFBOpyHmZwjygLR1iRH7YNb
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_Classes\Local Settings rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_Classes\Local Settings rundll32.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 572 vlc.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 572 vlc.exe -
Suspicious use of FindShellTrayWindow 8 IoCs
pid Process 572 vlc.exe 572 vlc.exe 572 vlc.exe 572 vlc.exe 572 vlc.exe 572 vlc.exe 572 vlc.exe 572 vlc.exe -
Suspicious use of SendNotifyMessage 7 IoCs
pid Process 572 vlc.exe 572 vlc.exe 572 vlc.exe 572 vlc.exe 572 vlc.exe 572 vlc.exe 572 vlc.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 572 vlc.exe -
Suspicious use of WriteProcessMemory 9 IoCs
description pid Process procid_target PID 2208 wrote to memory of 2824 2208 cmd.exe 31 PID 2208 wrote to memory of 2824 2208 cmd.exe 31 PID 2208 wrote to memory of 2824 2208 cmd.exe 31 PID 2824 wrote to memory of 2944 2824 rundll32.exe 32 PID 2824 wrote to memory of 2944 2824 rundll32.exe 32 PID 2824 wrote to memory of 2944 2824 rundll32.exe 32 PID 2944 wrote to memory of 572 2944 rundll32.exe 34 PID 2944 wrote to memory of 572 2944 rundll32.exe 34 PID 2944 wrote to memory of 572 2944 rundll32.exe 34
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\advanced-multitools.rar1⤵
- Suspicious use of WriteProcessMemory
PID:2208 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\advanced-multitools.rar2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2824 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\advanced-multitools.rar3⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2944 -
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\advanced-multitools.rar"4⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:572
-
-
-