Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

Roblox-Mas...in.zip

windows7-x64

1

Roblox-Mas...in.zip

windows10-2004-x64

1

5df42da4-c...dc.mp4

windows7-x64

1

5df42da4-c...dc.mp4

windows10-2004-x64

6

Roblox-Mas...Ban.py

windows7-x64

3

Roblox-Mas...Ban.py

windows10-2004-x64

3

Roblox-Mas...DME.md

windows7-x64

3

Roblox-Mas...DME.md

windows10-2004-x64

3

Roblox-Mas...es.txt

windows7-x64

1

Roblox-Mas...es.txt

windows10-2004-x64

3

Roblox-Mas...ain.py

windows7-x64

3

Roblox-Mas...ain.py

windows10-2004-x64

3

Roblox-Mas...xy.txt

windows7-x64

1

Roblox-Mas...xy.txt

windows10-2004-x64

1

Roblox-Mas...up.bat

windows7-x64

1

Roblox-Mas...up.bat

windows10-2004-x64

1

Roblox-Mas...ts.txt

windows7-x64

1

Roblox-Mas...ts.txt

windows10-2004-x64

1

python-3.1...64.exe

windows7-x64

4

python-3.1...64.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    1172s
  • max time network
    1156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/09/2024, 19:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5df42da4-c2fc-4c88-b987-7b53c91958dc.mp4

  • Size

    6.8MB

  • MD5

    f9c6fade0d8e712b80338b303a912ab6

  • SHA1

    ba776164a624987acf084f0707b42c9ab46564ec

  • SHA256

    807a27e3ea56dc1593874acfb622208e9a9966c80411f8608ce5425c2ec3cd0c

  • SHA512

    e3833a1498598666951197a1da66babe13b31eec3552cb63ebdcec620708b581426082b4160ff2cd0d9446c39d1fef939c893e0e1897d2cd456051d14e129c24

  • SSDEEP

    196608:Z/aU37CDScNEhMd3Zk4wScVr+rfbVhESiue3E05Pcfow377K8:Z+D9d3Zk4wVIjVhzJWsfx77K8

Score
6/10
discovery

Malware Config

Signatures

  • Drops desktop.ini file(s) 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\5df42da4-c2fc-4c88-b987-7b53c91958dc.mp4"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4652
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:408
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:5084
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:5028

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    512KB

    MD5

    be7927b883bfdfab4d7820c6f5f3661b

    SHA1

    2e43fc9b55fe625e568a01638df926eda12dfb4a

    SHA256

    ed853a4fd91e0cf2fdf173de222e0739ba3fe52f139876aa7bcf7f3b05e4d629

    SHA512

    e908e01078a8016250382efb2393550712a393aad6e59fbf13ca1f522b90f67e2653e01d1e918f91846c7e7ac06ae3db3adf26c202178c202f6518e940112d51

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    384KB

    MD5

    54bf4aa53f3e467cc16b8eeb2d64548e

    SHA1

    b5c14a1c3e8e270dd86f20f732ba3be0330ee79f

    SHA256

    824f8d90356a28148c97943ff976c1f68cf9ce42227c8c7ee682d1395ef47f7b

    SHA512

    37f60da444255ef87b7c5d1ca1dbe18784c09d2f2c9abe2b04a55e1d3ae016237674d08e5b5a24c66104c82af77b1adf0fced68d53b004143930537e49db77ca

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    1024KB

    MD5

    cd183d58a39a3697c03e00772347f81d

    SHA1

    248188ba967440c2980ef67ba206f38e43c717fd

    SHA256

    7507f80ab790afd9d8243178331527912776c5458b3c748ab0a4591f833c65ba

    SHA512

    ebdf8731b9548fe227c0530eb12ec79138632002167b6de04291e14eeb3c90247318b21d7f4dc1994286f4d79b54358608dfab019a561e384fe35959bde75158

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
    Filesize

    68KB

    MD5

    749f13b99d078623c428f3234b2c7f35

    SHA1

    bb57063bd3985815db8ca52f9f3c5380f48985fc

    SHA256

    0a4e4e569db33555ed5b632e9effc22c715abbbf11e6fcb5ef6501c08be3737a

    SHA512

    5ac11804d959246ae5a5ee348241118f4292bc0e0c34a24d7ac5c0cf51598a6a6d725064f6190c0b907221f90c5ce8fe8d6ab7dfae7469a06c703aec065ea75a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
    Filesize

    498B

    MD5

    90be2701c8112bebc6bd58a7de19846e

    SHA1

    a95be407036982392e2e684fb9ff6602ecad6f1e

    SHA256

    644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

    SHA512

    d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
    Filesize

    9KB

    MD5

    5433eab10c6b5c6d55b7cbd302426a39

    SHA1

    c5b1604b3350dab290d081eecd5389a895c58de5

    SHA256

    23dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131

    SHA512

    207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
    Filesize

    1KB

    MD5

    19358af8483117da9c97cad80c45aee5

    SHA1

    fd12159c7f3a830d0759a0882823cbb7ff61ecd1

    SHA256

    249977bd99b0a4026ef37e0070b94f2d49791002cfee021c7101ad448352bcbb

    SHA512

    2ca2409a4909d8a719cd3c4d65595439da8a83b1a75fe1dc0b72bd23a273a7758fa5093650239f6acf22de66ad620bbe3bcfba6e50022208c8197a8f57fa8140

    Download Submit

  • memory/4652-32-0x0000000004FA0000-0x0000000004FB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-31-0x0000000004FA0000-0x0000000004FB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-30-0x0000000004FA0000-0x0000000004FB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-33-0x0000000004FA0000-0x0000000004FB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-37-0x0000000004FA0000-0x0000000004FB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-38-0x0000000009A20000-0x0000000009A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-36-0x0000000004FA0000-0x0000000004FB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-35-0x0000000009A20000-0x0000000009A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-34-0x0000000009A20000-0x0000000009A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-53-0x0000000005250000-0x0000000005260000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-54-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-55-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-56-0x0000000009A20000-0x0000000009A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-57-0x0000000009A20000-0x0000000009A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-58-0x0000000009A20000-0x0000000009A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-59-0x0000000009A20000-0x0000000009A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-61-0x0000000009A20000-0x0000000009A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-60-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-64-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-63-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-62-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-65-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-66-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-68-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-70-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-69-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-67-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-71-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-72-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-73-0x0000000009A20000-0x0000000009A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-74-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-75-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-76-0x0000000009A20000-0x0000000009A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-77-0x0000000009A20000-0x0000000009A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-78-0x0000000005250000-0x0000000005260000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-79-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-81-0x0000000009A20000-0x0000000009A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-80-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-82-0x0000000009A20000-0x0000000009A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-84-0x0000000009A20000-0x0000000009A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-83-0x0000000009A20000-0x0000000009A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-85-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-86-0x0000000009A20000-0x0000000009A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-88-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-89-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-87-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-90-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-91-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-92-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-95-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-94-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-93-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-96-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-97-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-98-0x0000000009A20000-0x0000000009A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-99-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-100-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-101-0x0000000009A20000-0x0000000009A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-102-0x0000000009A20000-0x0000000009A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-103-0x0000000005250000-0x0000000005260000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-104-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-105-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-106-0x0000000009A20000-0x0000000009A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4652-107-0x0000000009A20000-0x0000000009A30000-memory.dmp

    Filesize

    64KB

    Download