Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Bloxstrap-v2.7.0.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    104s
  • max time network
    106s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    01/10/2024, 19:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Bloxstrap-v2.7.0.exe

  • Size

    10.1MB

  • MD5

    2c752edef5b0aa0962a3e01c4c82a2fa

  • SHA1

    9c3afd1c63f2b0dbdc2dc487709471222d2cb81e

  • SHA256

    891846bf656253ca1cdd28584a28681e9604e2a03d74cd6b99313e3bff11daf8

  • SHA512

    04d25fe7d40c8c320ffc545a038ad6ea458df6a8a552b0e0393b369a03b9bf273c72f30169bd54e8eb10757c04bdddf3859c601c1eb9e1a12fe4d15658906dfe

  • SSDEEP

    98304:TYd5DQd5Dk9Tsed5DogTrBKvGWD3nIOYoHwfLk3vSmaR0+Mc4AN0edaAHDfysrT4:Tasx3vG6IObAbN0T

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 18 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 61 IoCs
  • Suspicious behavior: AddClipboardFormatListener 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 26 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.7.0.exe
    "C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.7.0.exe"
    1⤵
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1600
    • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-b591875ddfbc4294\RobloxPlayerBeta.exe
      "C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-b591875ddfbc4294\RobloxPlayerBeta.exe" --app -channel production
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of NtCreateThreadExHideFromDebugger
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of UnmapMainImage
      PID:4660
    • C:\Windows\explorer.exe
      "explorer.exe" /select,"C:\Users\Admin\AppData\Local\Temp\Bloxstrap_20241001T194114Z.log"
      2⤵
        PID:2748
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:1076
      • C:\Windows\explorer.exe
        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:3160
      • C:\Windows\system32\OpenWith.exe
        C:\Windows\system32\OpenWith.exe -Embedding
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4952
      • C:\Windows\system32\OpenWith.exe
        C:\Windows\system32\OpenWith.exe -Embedding
        1⤵
        • Modifies registry class
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1396
        • C:\Program Files\Microsoft Office\root\Office16\Winword.exe
          "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\AppData\Local\Temp\.ses"
          2⤵
          • Checks processor information in registry
          • Enumerates system info in registry
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious use of SetWindowsHookEx
          PID:3476

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Bloxstrap\Modifications\ClientSettings\ClientAppSettings.json
        Filesize

        79B

        MD5

        eab6dcc312473d43c2fa8cc41280d79c

        SHA1

        b4e9ec7e579d06dfcaa5ac616de2751308a153c3

        SHA256

        0a27d3c9100ab7ab6f03c45daeb0f0cd586f3aeb59daf7986e853f9614e954fe

        SHA512

        1ce0fdc237110d644bcc8238f184554f25813ccf7142fd312ce96fbb6659081db677b04485bf66d52100136da6bb9688e48b1287455725c7b4950153aa2a4595

        Download Submit

      • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-b591875ddfbc4294\RobloxPlayerBeta.dll
        Filesize

        18.5MB

        MD5

        78dc9f08202382db76ecce3d70a7107f

        SHA1

        110a23181673ba65356b953f28e13e5382e6da6b

        SHA256

        1f334bd39e9e17919c8dba82b2eaaae1a45154c574aff195b1c001c5fc1cb159

        SHA512

        c37bc98958b830101245ff422aad635c040fea0ab379556c870246964626073921440818a44c4fac5ce56d290969e3e6640f56f734cec74d986a793a59fa1be3

        Download Submit

      • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-b591875ddfbc4294\content\sounds\ouch.ogg
        Filesize

        6KB

        MD5

        9404c52d6f311da02d65d4320bfebb59

        SHA1

        0b5b5c2e7c631894953d5828fec06bdf6adba55f

        SHA256

        c9775e361392877d1d521d0450a5368ee92d37dc542bc5e514373c9d5003f317

        SHA512

        22aa1acbcdcf56f571170d9c32fd0d025c50936387203a7827dbb925f352d2bc082a8a79db61c2d1f1795ad979e93367c80205d9141b73d806ae08fa089837c4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\TCD340.tmp\gb.xsl
        Filesize

        262KB

        MD5

        51d32ee5bc7ab811041f799652d26e04

        SHA1

        412193006aa3ef19e0a57e16acf86b830993024a

        SHA256

        6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

        SHA512

        5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

        Download Submit

      • memory/1600-0-0x00007FFD635EB000-0x00007FFD635EC000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1600-3-0x00007FFD635EB000-0x00007FFD635EC000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4660-3576-0x00007FFD72C80000-0x00007FFD72C90000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3575-0x00007FFD72B60000-0x00007FFD72B70000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3583-0x00007FFD72D60000-0x00007FFD72D69000-memory.dmp

        Filesize

        36KB

        Download

      • memory/4660-3582-0x00007FFD72CD0000-0x00007FFD72D00000-memory.dmp

        Filesize

        192KB

        Download

      • memory/4660-3581-0x00007FFD72CD0000-0x00007FFD72D00000-memory.dmp

        Filesize

        192KB

        Download

      • memory/4660-3580-0x00007FFD72CD0000-0x00007FFD72D00000-memory.dmp

        Filesize

        192KB

        Download

      • memory/4660-3579-0x00007FFD72CD0000-0x00007FFD72D00000-memory.dmp

        Filesize

        192KB

        Download

      • memory/4660-3593-0x00007FFD70BA0000-0x00007FFD70BAC000-memory.dmp

        Filesize

        48KB

        Download

      • memory/4660-3592-0x00007FFD70AB0000-0x00007FFD70AD0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4660-3591-0x00007FFD70AB0000-0x00007FFD70AD0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4660-3590-0x00007FFD70AB0000-0x00007FFD70AD0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4660-3589-0x00007FFD70AB0000-0x00007FFD70AD0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4660-3588-0x00007FFD70AB0000-0x00007FFD70AD0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4660-3587-0x00007FFD70A90000-0x00007FFD70AA0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3586-0x00007FFD70A90000-0x00007FFD70AA0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3585-0x00007FFD70A00000-0x00007FFD70A10000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3584-0x00007FFD70A00000-0x00007FFD70A10000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3578-0x00007FFD72CD0000-0x00007FFD72D00000-memory.dmp

        Filesize

        192KB

        Download

      • memory/4660-3577-0x00007FFD72C80000-0x00007FFD72C90000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3574-0x00007FFD72B60000-0x00007FFD72B70000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3602-0x00007FFD704B0000-0x00007FFD704C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3603-0x00007FFD704B0000-0x00007FFD704C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3600-0x00007FFD70490000-0x00007FFD704A0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3612-0x00007FFD710B0000-0x00007FFD710BD000-memory.dmp

        Filesize

        52KB

        Download

      • memory/4660-3620-0x00007FFD716B0000-0x00007FFD716B9000-memory.dmp

        Filesize

        36KB

        Download

      • memory/4660-3633-0x00007FFD707F0000-0x00007FFD70816000-memory.dmp

        Filesize

        152KB

        Download

      • memory/4660-3625-0x00007FFD70750000-0x00007FFD70770000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4660-3637-0x00007FFD72CD0000-0x00007FFD72D00000-memory.dmp

        Filesize

        192KB

        Download

      • memory/4660-3636-0x00007FFD72CD0000-0x00007FFD72D00000-memory.dmp

        Filesize

        192KB

        Download

      • memory/4660-3635-0x00007FFD72B50000-0x00007FFD72B51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4660-3634-0x00007FFD707F0000-0x00007FFD70816000-memory.dmp

        Filesize

        152KB

        Download

      • memory/4660-3632-0x00007FFD707F0000-0x00007FFD70816000-memory.dmp

        Filesize

        152KB

        Download

      • memory/4660-3631-0x00007FFD707F0000-0x00007FFD70816000-memory.dmp

        Filesize

        152KB

        Download

      • memory/4660-3630-0x00007FFD707F0000-0x00007FFD70816000-memory.dmp

        Filesize

        152KB

        Download

      • memory/4660-3629-0x00007FFD70750000-0x00007FFD70770000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4660-3628-0x00007FFD70750000-0x00007FFD70770000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4660-3627-0x00007FFD70750000-0x00007FFD70770000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4660-3626-0x00007FFD70750000-0x00007FFD70770000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4660-3621-0x00007FFD70610000-0x00007FFD70620000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3619-0x00007FFD716B0000-0x00007FFD716B9000-memory.dmp

        Filesize

        36KB

        Download

      • memory/4660-3618-0x00007FFD716B0000-0x00007FFD716B9000-memory.dmp

        Filesize

        36KB

        Download

      • memory/4660-3617-0x00007FFD716B0000-0x00007FFD716B9000-memory.dmp

        Filesize

        36KB

        Download

      • memory/4660-3616-0x00007FFD716B0000-0x00007FFD716B9000-memory.dmp

        Filesize

        36KB

        Download

      • memory/4660-3615-0x00007FFD71690000-0x00007FFD716A0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3614-0x00007FFD71690000-0x00007FFD716A0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3624-0x00007FFD70720000-0x00007FFD70730000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3623-0x00007FFD70720000-0x00007FFD70730000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3613-0x00007FFD71690000-0x00007FFD716A0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3622-0x00007FFD70610000-0x00007FFD70620000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3611-0x00007FFD710B0000-0x00007FFD710BD000-memory.dmp

        Filesize

        52KB

        Download

      • memory/4660-3610-0x00007FFD710B0000-0x00007FFD710BD000-memory.dmp

        Filesize

        52KB

        Download

      • memory/4660-3609-0x00007FFD710B0000-0x00007FFD710BD000-memory.dmp

        Filesize

        52KB

        Download

      • memory/4660-3608-0x00007FFD710B0000-0x00007FFD710BD000-memory.dmp

        Filesize

        52KB

        Download

      • memory/4660-3607-0x00007FFD71070000-0x00007FFD71080000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3606-0x00007FFD71070000-0x00007FFD71080000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3605-0x00007FFD71000000-0x00007FFD71010000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3604-0x00007FFD71000000-0x00007FFD71010000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3599-0x00007FFD70490000-0x00007FFD704A0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3598-0x00007FFD70490000-0x00007FFD704A0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3597-0x00007FFD702E0000-0x00007FFD702F0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3596-0x00007FFD702E0000-0x00007FFD702F0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3595-0x00007FFD70170000-0x00007FFD70180000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3601-0x00007FFD704B0000-0x00007FFD704C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-3594-0x00007FFD70170000-0x00007FFD70180000-memory.dmp

        Filesize

        64KB

        Download