Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

green.exe

windows7-x64

7

green.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    397s
  • max time network
    402s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    02/05/2023, 00:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    green.exe

  • Size

    33.7MB

  • MD5

    85e8476efa208bd85cfc215d49d4b8f6

  • SHA1

    934f95bb85180d51055c332b330d85378c9b907c

  • SHA256

    bcd1d2a09d608a71b409507b4ffb2a639efadebb3ab9932bab3cf13fd8631876

  • SHA512

    7607a21d9897eb865efec5f6ebd6efb2f84afd8c0628efb64b81075b4e4adc28a8d5f70ef291ea032534f594950748655dd196d33ffad5a56c73ff7b019bbf6c

  • SSDEEP

    786432:bNMekTMN2I8qKhm8faqcOlCscJ6g0daqD3H2K7E6vypuFA1iDHAprFgala7/p:KxNE0cyzg0REkypuFxLA19C

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 17 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\green.exe
    "C:\Users\Admin\AppData\Local\Temp\green.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:904
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x550
    1⤵
      PID:1224

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Users\Admin\AppData\Local\Temp\mrt4FF5.tmp\DRPC.mfx
      Filesize

      861KB

      MD5

      0aa331b547d0650059a75dbad66248f6

      SHA1

      df01d62ecb2d263c80248c144d0b6212c0910767

      SHA256

      5e7c4bcc7b722179ca5de3933d0e807d0d1630d8e5a0a51b98cce85199051ea5

      SHA512

      9f4c0917cf39676c0c7145a21f1349d8ba981023a8c33990cf4046e852824a76ebab89371065ba546376fed95eeecf0accdbbf8fa99935ff4cb4622086c219bb

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrt4FF5.tmp\Easing.mfx
      Filesize

      168KB

      MD5

      052d1c7eed7b50a18eddc10dfad3ae22

      SHA1

      6f88687f930e73106d2b8af00f5317eca74e0c61

      SHA256

      1b5e79e999c4cff19fe0260bdeaeeaea0fcda6057bf6d17bf0f121e9797d20ef

      SHA512

      ef89c692a47d2ad66d6f4e722e9b330a85cca0faea2f022abfc3da3c1d32fc7c0cf01d6a6e36fddd0b82c97eebc707c9e00e2431792d551b7178fb8d50452966

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrt4FF5.tmp\Perspective.mfx
      Filesize

      15KB

      MD5

      9f064bdcb066daa428db0ed9e33e785d

      SHA1

      3c0df73cf247ce49d1010fe0e2f722424fe43f4f

      SHA256

      090925a4cd961f22b1ecd2fba4ce04ab063e26507a1dc09b1d6a40c4860a8777

      SHA512

      4a510ce13c379e8cb5ccb9f9c69e28e9440f48156c8c4c1fef6987495cace7c028d45530ac961f47786e8f503f90c54310cb1ccf43d7fd584506461c1bd616d5

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrt4FF5.tmp\clickteam-circular.mvx
      Filesize

      28KB

      MD5

      670cfc229784a242beb960a430ae9764

      SHA1

      9818a8a255e58e28c1e7617aa7ab38f29067e4f5

      SHA256

      671a01a39fa56a32fc0a43b16038d3077202734a7beacd50d73439011a74a4cb

      SHA512

      7eb59b4391fed479803c2c2ba075d3fa4581473495f2458b0a86fc3d27f8b7e56a012b920bf2b5f1697b4eb498c8d16de17ebed9f10eb55686048cd4f96df1a1

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrt4FF5.tmp\clickteam-vector.mvx
      Filesize

      32KB

      MD5

      fb1d240db01b491174fc5c5547f18a9e

      SHA1

      ccb2cf55106198e1f4e373b3b8b581e1b21ec582

      SHA256

      621e16dc09011a87780f0dedd39a83a0eb45675ff71bf040f310f2df94acf5db

      SHA512

      c2c782ed0e1861b8b690051411d6c9135a08d176f50a5a2d23f6e1c5854ba691479dc5d4a8c9226fa3de6afe20b6a046acb3b3d3622b7502c9b516be753d420e

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrt4FF5.tmp\fontembed.mfx
      Filesize

      15KB

      MD5

      f38352c344bd71eb21a78a1b69dcade8

      SHA1

      eca1053fa4ce77f96752f400d4ffac8f2f158d15

      SHA256

      38b5dba1524e47ff474d29bb0fb3d7b0476e554cdb82f2de09c4a761ab5645b1

      SHA512

      70134d7e2d4c589fc3ca5c52e005852d07e6b3cce91db00d32bf121611480601d007ead98c3e2febfdd1ca03a0c723fa46e9b73c0f497b315a6cdcb9f15afd56

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrt4FF5.tmp\kcini.mfx
      Filesize

      114KB

      MD5

      70b41d0034b884bbf9eadde2d3bffcb3

      SHA1

      26bc9f0ca51594f670ea59867ca9699dcc4d5335

      SHA256

      4e6c2fb8c5b6080a2ff32fecfa952f428cd0682b078debf70c118e359e73b36b

      SHA512

      de7fd065f92515e8fb03990b99f3ffb053a082be44d38c7be39147d5760318b7f1a696dd54d39cec4c61dd8c6df3f0785388b9d686dadbce875b58c926250de6

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrt4FF5.tmp\kclist.mfx
      Filesize

      32KB

      MD5

      996de686c54611b72f9ae3dbd706d6a7

      SHA1

      d4589030457cf3eb843cd55ec16a7603cb9817fc

      SHA256

      785d694308481aefe9bb8c787cab477a8051a97f963ec903e1e57099c8a7a8fc

      SHA512

      bf81facb4c04a39052f661254e2f03378c893179437a722fc8a91c400ec99412ee09231d8766f147b25169f9aa51b2559b4b1173d0e72f65d9ccc24690322675

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrt4FF5.tmp\kcwctrl.mfx
      Filesize

      80KB

      MD5

      4412d025fdadfa412d8c08e29238d9b1

      SHA1

      326deb060072faffb5e3c68be562e695e3af183d

      SHA256

      ed4ad0b23867de26d49e7a7e50cb9c5f33b07d20ac709f8f3855224ee52de15b

      SHA512

      114ab8bbaf429c1d5c83de538f38cf07bc6b476acd863ee9b9733293ba2e01e0f61671183d21449ac67704112ba0e9534cca8561c2d7f12f96e948b7e003f2e3

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrt4FF5.tmp\mmf2d3d9.dll
      Filesize

      1.5MB

      MD5

      8cc5f39e0376554ca5eddf02e592d73a

      SHA1

      67876787bdf453e768d2f9eef468cd8815b19d2b

      SHA256

      e477443c7f358d8f8f1e6edd10ab891c78e5b64efd5728f434e07227064611ce

      SHA512

      e8bf1944f4df99dc1208160a78a278c562ce0a01b2fb5059abe0dc3477499459900c157a51862b4585d11afa448e013fc2fc1b11a2db52ee2e171c5f13d1e443

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrt4FF5.tmp\mmfs2.dll
      Filesize

      496KB

      MD5

      57b00788621f49bf3e73295fa28a6c43

      SHA1

      7c49651bdf041d9091cd1c2c107ba7c3b3b1e919

      SHA256

      be3490d6f1ce88bbc63feef67a9a7820c86c26b7bdcd4de318459b6c4b8f010a

      SHA512

      b861f4122cd23b3edcb659f0fc0ffba75b1d44140128df4fde4c5fea6b46a187b5fe4195d4da5933a985580bc9b50a89e2926ef21edf242b3b2e0b81325c6494

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrt4FF5.tmp\mp3flt.sft
      Filesize

      24KB

      MD5

      5bebc3ae0122702b89f9262888d3a393

      SHA1

      064731c0f1d493b5b82921fa78f06e3d1db95284

      SHA256

      81c9a9459a8e124793addf142cd513945d6fe600e1d67f74897898d7570e56b2

      SHA512

      c10cb520c2c4a9fe7c371f17ce7f86f138db247468ab1e465dafd7abd294c2beb13cf3a2595b4c8c820d911d8b70842c8f4e45398693c4f0454f973bd58a10a1

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrt4FF5.tmp\oggflt.sft
      Filesize

      130KB

      MD5

      0c8c1ee3ba92189f4ce21d1b396a2765

      SHA1

      b7daa4a6e16416151dccbb0a89f304961b6cb627

      SHA256

      9e589f86317d840df9bb74f6ee20c24ca65afe58f4009740382f63a0f5531941

      SHA512

      0a4339092ac55bac3b1bdfaaa3401020f8f49918bd2fdb14524f3d558eb840b876aedfdeb54a1da163fa36393abf3fe8ab7e112a34ea9d891e82a22e96c85ddc

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrt4FF5.tmp\pinball.mvx
      Filesize

      68KB

      MD5

      b208ae4e862a6c6bd6b99bc31b7bf1f9

      SHA1

      9f7cd9ea0b400c63f11c0a6e7ca5546db7ff218b

      SHA256

      cbcd1b19716940cb7b48986dfd51f36bc9e04625c4b6face3822a16ed7b49825

      SHA512

      8ee62a8fcdc26527a2f2b733eefb4fa629ce6ea4cf65d382d95af691874839e88cca8ceaa7e267dc69aa886bdce42c2f64d3cd0743d01bd6f8fdf825fc4e74a3

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrt4FF5.tmp\txtblt.mfx
      Filesize

      36KB

      MD5

      8740745e7af7926a0e7d3b194fb51fdf

      SHA1

      d7688925efd0287334d444a9e4bd584177ed0fbc

      SHA256

      09a214d9738946b14c4470ea95b45de41641e5d69b7559dbf336f7b4624859b0

      SHA512

      dc52c25b588f386cceb0eef912e0ac38ffb07443011c957ca3d0fda8c2c6d41e8fbcb33dfc1b7c5ff469216cd8c233d5025b88575bd10684827c18fb5ef52bb3

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrt4FF5.tmp\ultimatefullscreen.mfx
      Filesize

      86KB

      MD5

      d9ae994eadde0d3418aedda4f712dc33

      SHA1

      402e8ca669a4fd6ff69399b7e08d2707f216c68f

      SHA256

      111c61d9e54b037a2c492b89cf6a82c62f81712fb9fd64a91c9dfc9486887349

      SHA512

      0c6b0a6df08ef8ecbd2bbbc1dd4534f42ea4f440eed45c98647d712945fd71b5fe484f1a76388724a82a6acb2b98e73efcbf82f0d3a329890215d0eecac20c9c

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrt4FF5.tmp\waveflt.sft
      Filesize

      8KB

      MD5

      57ea61dd14314ef155e80c6a0be8a664

      SHA1

      963b0ef2fe976ff77044a821fe1e29be4a8cf8a7

      SHA256

      92a5053cf5973a6aa228c738d55387f12f1dfa8a837d7b938c60f05b6b56b3ad

      SHA512

      cc23cb30d76d22500c3ed7ce9ee0388588309d0779441b95559fce25a42f1eff52ca285c347655f8b33c15b75f9d2067738a151f81f605d3b563799a3a06c9a9

      Download Submit

    • memory/904-97-0x0000000002290000-0x00000000023A2000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/904-103-0x0000000000260000-0x0000000000272000-memory.dmp

      Filesize

      72KB

      Download

    • memory/904-113-0x0000000000630000-0x0000000000654000-memory.dmp

      Filesize

      144KB

      Download