Overview (score per analysis target)
Overview: 10
Static: 10
BlitzedV12...12.exe (windows7-x64): 7
BlitzedV12...12.exe (windows10-2004-x64): 7
BlitzedV12...xe.xml (windows7-x64): 3
BlitzedV12...xe.xml (windows10-2004-x64): 1
BlitzedV12...OR.dll (windows7-x64): 1
BlitzedV12...OR.dll (windows10-2004-x64): 1
BlitzedV12...hy.dll (windows7-x64): 1
BlitzedV12...hy.dll (windows10-2004-x64): 1
BlitzedV12...ed.exe (windows7-x64): 10
BlitzedV12...ed.exe (windows10-2004-x64): 10
BlitzedV12...to.dll (windows7-x64): 1
BlitzedV12...to.dll (windows10-2004-x64): 1
BlitzedV12...on.dll (windows7-x64): 1
BlitzedV12...on.dll (windows10-2004-x64): 1
BlitzedV12...le.exe (windows7-x64): 3
BlitzedV12...le.exe (windows10-2004-x64): 3

Analysis
max time kernel: 121s
max time network: 121s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 14/08/2024, 21:32
Behavioral tasks (sample, resource)
behavioral1: BlitzedV12/BlitzedGrabberV12.exe, win7-20240704-en
behavioral2: BlitzedV12/BlitzedGrabberV12.exe, win10v2004-20240802-en
behavioral3: BlitzedV12/BlitzedGrabberV12.exe.xml, win7-20240704-en
behavioral4: BlitzedV12/BlitzedGrabberV12.exe.xml, win10v2004-20240802-en
behavioral5: BlitzedV12/Resources/APIFOR.dll, win7-20240704-en
behavioral6: BlitzedV12/Resources/APIFOR.dll, win10v2004-20240802-en
behavioral7: BlitzedV12/Resources/Anarchy.dll, win7-20240708-en
behavioral8: BlitzedV12/Resources/Anarchy.dll, win10v2004-20240802-en
behavioral9: BlitzedV12/Resources/Blitzed.exe, win7-20240729-en
behavioral10: BlitzedV12/Resources/Blitzed.exe, win10v2004-20240802-en
behavioral11: BlitzedV12/Resources/BouncyCastle.Crypto.dll, win7-20240705-en
behavioral12: BlitzedV12/Resources/BouncyCastle.Crypto.dll, win10v2004-20240802-en
behavioral13: BlitzedV12/Resources/Newtonsoft.Json.dll, win7-20240708-en
behavioral14: BlitzedV12/Resources/Newtonsoft.Json.dll, win10v2004-20240802-en
behavioral15: BlitzedV12/Resources/UltraEmbeddable.exe, win7-20240704-en
behavioral16: BlitzedV12/Resources/UltraEmbeddable.exe, win10v2004-20240802-en
General
Target: BlitzedV12/BlitzedGrabberV12.exe
Size: 1.9MB
MD5: 006cd7ac7f04dfecdb6c58c9e380aca0
SHA1: fd06e16fd731dacb516a945a6cb619b30ecf7ff4
SHA256: b0ec85887a9ad75110914916ab2a2d45487e4b65713d4272c050430d80665e64
SHA512: 47014779312ec5d9481a3c2c97d7e48884e8f61b7a03ee980c2b40fb9e32cfa078554abc45b67d04f6786d2013b0cec0d8be700bda150990f7c44dc6469bef09
SSDEEP: 49152:MmAznU4n9t2ELj18p4BDifoM83ig9Apl14yG:z49wi73fWc
Malware Config
Signatures
Loads dropped DLL (1 IoC)
pid 2220, process BlitzedGrabberV12.exe

Obfuscated with Agile.Net obfuscator (33 IoCs)
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; process: BlitzedGrabberV12.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
pid 2220, process BlitzedGrabberV12.exe (two entries)
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
Download 1
Filesize: 320B
MD5: c6e6fc3cdec0ad213d9330a9b630fd5c
SHA1: ed4278e0e4b9d1b47fbe92ca2f98af62e5d6c027
SHA256: 96c2db8d8037a20cc6550c935f9a11da70f84a2bc64a1be1807b06bc1bda2492
SHA512: 37ee70ae328547b684db668ce59c9f7eea672184fb1f5ed41341a0fab84bbe0419f0706742832fc6f1ae78e474cd1d3f5f757fc9c44ed0ca557101a733532e0f

Download 2
Filesize: 136KB
MD5: 9af5eb006bb0bab7f226272d82c896c7
SHA1: c2a5bb42a5f08f4dc821be374b700652262308f0
SHA256: 77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db
SHA512: 7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a