Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

gjgkqcnicnlpa6vp.exe

windows7-x64

1

gjgkqcnicnlpa6vp.exe

windows10-2004-x64

1

Resubmissions

05/11/2023, 08:24

231105-katc9sfa72 3

05/11/2023, 08:20

231105-j8wevadb31 3

05/11/2023, 08:18

231105-j7qszada9x 3

Analysis

  • max time kernel
    210s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    05/11/2023, 08:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gjgkqcnicnlpa6vp.exe

  • Size

    8.1MB

  • MD5

    b59986274ba7b0d065874f38e62ce35f

  • SHA1

    84707eaa115b0f681627a8e3ac8a97aee23fcb3b

  • SHA256

    208711fd8c34b70281f67d99871976e0b35c5ffe5465906e63be6a943888129e

  • SHA512

    771dc948b38c2354b5b8116e6509c74b3d9cc2e8c751aa3cc93431db8f6a6ab8a966939814dc8ae46c47f47ba358e829ce925627a5de116690920340aaf50186

  • SSDEEP

    196608:v3nJLovsDgzFQPu145/kO+FI/bvdIXG6/8PScsVtGZq:vnXgzCK45/kOsI/hI26/8Pt0t

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\gjgkqcnicnlpa6vp.exe
    "C:\Users\Admin\AppData\Local\Temp\gjgkqcnicnlpa6vp.exe"
    1⤵
      PID:1564
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2508

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2508-0-0x0000000140000000-0x00000001405E8000-memory.dmp

      Filesize

      5.9MB

      Download

    • memory/2508-1-0x0000000140000000-0x00000001405E8000-memory.dmp

      Filesize

      5.9MB

      Download

    • memory/2508-2-0x0000000140000000-0x00000001405E8000-memory.dmp

      Filesize

      5.9MB

      Download