Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

glock.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    16s
  • max time network
    16s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/11/2022, 11:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    glock.exe

  • Size

    624KB

  • MD5

    93b9a3dfb164a815272ce238ee37b611

  • SHA1

    99a6a159942292ecdd5cf6011962a421b9424e7d

  • SHA256

    12a9140c0f387909cc5f26ebe4c80219adaae0145cb0d5cb720a557e603705b3

  • SHA512

    93a72d1a4a03fabbe657a9a25892b94c8bae6a0e67621f4f1b285eba747dc52bc16c49d5150645fa6d2bfb7c7f9528d4e5f6550282f336e6091510dea0815d8a

  • SSDEEP

    12288:zMXNsShHDYHwneUuhuGX4wm/55HoKt8twsnew7qN:zgNsMDYHAeUuQGXC/55HouGneiK

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\glock.exe
    "C:\Users\Admin\AppData\Local\Temp\glock.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:1636
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -pss -s 444 -p 3120 -ip 3120
    1⤵
      PID:2396
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 3120 -s 2460
      1⤵
      • Program crash
      PID:2236

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads