Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

Gyazo-4.5.1.exe

windows7-x64

7

Gyazo-4.5.1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    25s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    11/02/2023, 06:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Gyazo-4.5.1.exe

  • Size

    14.3MB

  • MD5

    974a311c7403249bdfd7925ab8643a77

  • SHA1

    cd386f131a13fa7bfeb8cf073d81b8e2dbd3d389

  • SHA256

    b54ba4ba78226ae1209a7b44fba1e620e312fd03fbd5f51f3756511b3720ae88

  • SHA512

    686d03c56ab48537418e12edd7b235dec217e57824a0b06ea88a1e24cfcdb507302c4fa623b4542753d01ec3762e643a336a550c5f0dbcab3bf6f162d68dce13

  • SSDEEP

    393216://BH5NkNQAQvvBMVlMxgFNV7tDviIbty3+kSrJQKqX8r:RHE2Aw+RNdV03+kSrJQKVr

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Gyazo-4.5.1.exe
    "C:\Users\Admin\AppData\Local\Temp\Gyazo-4.5.1.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Users\Admin\AppData\Local\Temp\is-ASH3B.tmp\Gyazo-4.5.1.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-ASH3B.tmp\Gyazo-4.5.1.tmp" /SL5="$60120,14400491,141824,C:\Users\Admin\AppData\Local\Temp\Gyazo-4.5.1.exe"
      2⤵
      • Executes dropped EXE
      PID:932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-ASH3B.tmp\Gyazo-4.5.1.tmp
    Filesize

    1.2MB

    MD5

    5981811be5566aec0dbebd0017df73fc

    SHA1

    7e780a9b91fc636a627c18158ff6fa861f984a3f

    SHA256

    e28752d4062148f671ee411fb8d6c80e352875bd12998682b6ecc54ccaa41c6a

    SHA512

    83f52b80302f45a4f2f4f8f4c3b71cc4d0ad0bb4d5128742464ecd0f9bba363b199c7b1bc943e6e32bb0480e707b0e479f4af848e7926b2b4d20551956c1c47f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-ASH3B.tmp\Gyazo-4.5.1.tmp
    Filesize

    1.2MB

    MD5

    5981811be5566aec0dbebd0017df73fc

    SHA1

    7e780a9b91fc636a627c18158ff6fa861f984a3f

    SHA256

    e28752d4062148f671ee411fb8d6c80e352875bd12998682b6ecc54ccaa41c6a

    SHA512

    83f52b80302f45a4f2f4f8f4c3b71cc4d0ad0bb4d5128742464ecd0f9bba363b199c7b1bc943e6e32bb0480e707b0e479f4af848e7926b2b4d20551956c1c47f

    Download Submit

  • memory/2016-54-0x0000000076411000-0x0000000076413000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2016-55-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/2016-61-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

    Download