Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

GTGInBlack.exe

windows7-x64

7

GTGInBlack.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    30s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    25/05/2023, 18:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GTGInBlack.exe

  • Size

    20.5MB

  • MD5

    b59bfd444c21c72f128ec4c54ee41052

  • SHA1

    ba71d4a365263f3546034c95a7db08e440da904d

  • SHA256

    4f5c3cd65a66cb7d0c6702919fcdf555db2db8f6e9dddec41aac709f6c0d502d

  • SHA512

    eb9407052351262d828b923605632ae0703ce5c1f8d5900f011cd283aac1de757897b498090b3a04d68a4559a690236001cd1189e01d1dba254a4f0bf8d829f9

  • SSDEEP

    393216:hqPnLFXlodzrzlIBRPQDCSiGZ3gMLPPJ6Zj6ydAQsVqD:IPLFXCdzrUPQm2bDoN/D

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GTGInBlack.exe
    "C:\Users\Admin\AppData\Local\Temp\GTGInBlack.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1352
    • C:\Users\Admin\AppData\Local\Temp\GTGInBlack.exe
      "C:\Users\Admin\AppData\Local\Temp\GTGInBlack.exe"
      2⤵
      • Loads dropped DLL
      PID:848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI13522\python310.dll
    Filesize

    1.4MB

    MD5

    d2db855332efd27f90bdc40139248fef

    SHA1

    0c855c2e897c4f3b823d4e0152ec8d82d05d4b37

    SHA256

    c2fb35fc301842b9258c90c68ec1c77fee87e3b6b811dfb53a80573115696478

    SHA512

    d3df6fcb9c08ef9d31695893587e37e82af9f9fb931463cea2b1ef26685646f2eaf660f743d3bdc57d82491e1edffb6ead1b3175632bd2d28f35784bb15da4f7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI13522\setuptools-65.5.0.dist-info\INSTALLER
    Filesize

    4B

    MD5

    365c9bfeb7d89244f2ce01c1de44cb85

    SHA1

    d7a03141d5d6b1e88b6b59ef08b6681df212c599

    SHA256

    ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

    SHA512

    d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI13522\python310.dll
    Filesize

    1.4MB

    MD5

    d2db855332efd27f90bdc40139248fef

    SHA1

    0c855c2e897c4f3b823d4e0152ec8d82d05d4b37

    SHA256

    c2fb35fc301842b9258c90c68ec1c77fee87e3b6b811dfb53a80573115696478

    SHA512

    d3df6fcb9c08ef9d31695893587e37e82af9f9fb931463cea2b1ef26685646f2eaf660f743d3bdc57d82491e1edffb6ead1b3175632bd2d28f35784bb15da4f7

    Download Submit

  • memory/848-193-0x000007FEF5C30000-0x000007FEF6096000-memory.dmp

    Filesize

    4.4MB

    Download