Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Gimemo.rar

windows7-x64

3

Resubmissions

14/11/2023, 17:31

231114-v3qg7acf42 10

14/11/2023, 17:21

231114-vxdw7sdg61 10

28/10/2023, 19:29

231028-x7cs1age56 10

24/10/2023, 13:29

231024-qrn3rsdb6z 10

18/10/2023, 12:04

231018-n8ybnaeb31 10

07/09/2023, 12:10

230907-pce1wahe2x 10

Analysis

  • max time kernel
    1758s
  • max time network
    1599s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    14/11/2023, 17:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Gimemo.rar

  • Size

    10.0MB

  • MD5

    708eb8b29ff097cdaef6a7d3db9bb518

  • SHA1

    3000cb985e5f8c1096803263eac10394359445ed

  • SHA256

    1d0128fd3184a765076397dd308e51bbc578a3639cb9c08ab6b5c36704d772b4

  • SHA512

    6e2db26edc0f098fb7aeff686c2e2699d9b304c2c2eeb46fb3a16a4149cb9515cbdcf5ffde919489f96b4bbc2ff6090afd5a24823859b412479a3a3f40b35cbc

  • SSDEEP

    196608:ivXQswJLYzb1i9PMbo8Z4Fc2gJHP9JqxSylRkjCld2eAqFN:TXJLYzpqMbqO/FJpMRkWv2VqD

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Gimemo.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2120
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Gimemo.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2412
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Gimemo.rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:2872

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2872-29-0x000000013FAB0000-0x000000013FBA8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/2872-30-0x000007FEFB210000-0x000007FEFB244000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2872-31-0x000007FEF63A0000-0x000007FEF6654000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2872-32-0x000007FEFBA30000-0x000007FEFBA48000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2872-33-0x000007FEF7C90000-0x000007FEF7CA7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2872-34-0x000007FEF7C70000-0x000007FEF7C81000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2872-35-0x000007FEF7C50000-0x000007FEF7C67000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2872-36-0x000007FEF7BB0000-0x000007FEF7BC1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2872-37-0x000007FEF7B90000-0x000007FEF7BAD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2872-38-0x000007FEF7B70000-0x000007FEF7B81000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2872-39-0x000007FEF61A0000-0x000007FEF63A0000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2872-40-0x000007FEF7020000-0x000007FEF705F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2872-41-0x000007FEF50F0000-0x000007FEF619B000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/2872-42-0x000007FEF6FF0000-0x000007FEF7011000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2872-44-0x000007FEF6B90000-0x000007FEF6BA1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2872-43-0x000007FEF6FD0000-0x000007FEF6FE8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2872-45-0x000007FEF7640000-0x000007FEF7651000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2872-46-0x000007FEF7620000-0x000007FEF7631000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2872-47-0x000007FEF7600000-0x000007FEF761B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2872-48-0x000007FEF75E0000-0x000007FEF75F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2872-49-0x000007FEF75C0000-0x000007FEF75D8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2872-50-0x000007FEF7590000-0x000007FEF75C0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2872-51-0x000007FEF6A70000-0x000007FEF6AD7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2872-52-0x000007FEF6A00000-0x000007FEF6A6F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/2872-53-0x000007FEF6B50000-0x000007FEF6B61000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2872-54-0x000007FEF4FC0000-0x000007FEF5016000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2872-55-0x000007FEF6B20000-0x000007FEF6B48000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2872-56-0x000007FEF69D0000-0x000007FEF69F4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2872-57-0x000007FEF4FA0000-0x000007FEF4FB7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2872-58-0x000007FEF4F70000-0x000007FEF4F93000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2872-59-0x000007FEF4F50000-0x000007FEF4F61000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2872-60-0x000007FEF4F30000-0x000007FEF4F42000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2872-63-0x000007FEF4E20000-0x000007FEF4E32000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2872-62-0x000007FEF4E40000-0x000007FEF4E53000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2872-61-0x000007FEF4F00000-0x000007FEF4F21000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2872-64-0x000007FEF4A90000-0x000007FEF4BCB000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2872-65-0x000007FEF4A60000-0x000007FEF4A8C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2872-66-0x000007FEF44A0000-0x000007FEF4652000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2872-67-0x000007FEF4440000-0x000007FEF449C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2872-68-0x000007FEF4420000-0x000007FEF4431000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2872-69-0x000007FEF4380000-0x000007FEF4417000-memory.dmp

    Filesize

    604KB

    Download

  • memory/2872-70-0x000007FEF4360000-0x000007FEF4372000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2872-71-0x000007FEF4120000-0x000007FEF4351000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2872-72-0x000007FEF4000000-0x000007FEF4112000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2872-73-0x000007FEF3FC0000-0x000007FEF3FF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2872-74-0x000007FEF3F90000-0x000007FEF3FB5000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2872-75-0x000007FEF3F70000-0x000007FEF3F81000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2872-76-0x000007FEF3F00000-0x000007FEF3F61000-memory.dmp

    Filesize

    388KB

    Download

  • memory/2872-77-0x000007FEF3EE0000-0x000007FEF3EF1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2872-78-0x000007FEF3EC0000-0x000007FEF3ED2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2872-79-0x000007FEF3EA0000-0x000007FEF3EB3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2872-80-0x000007FEF3E00000-0x000007FEF3E9F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2872-81-0x000007FEF3DE0000-0x000007FEF3DF1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2872-82-0x000007FEF3CD0000-0x000007FEF3DD2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2872-83-0x000007FEF3CB0000-0x000007FEF3CC1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2872-84-0x000007FEF3C90000-0x000007FEF3CA1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2872-85-0x000007FEF3C70000-0x000007FEF3C81000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2872-86-0x000007FEF3C50000-0x000007FEF3C62000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2872-87-0x000007FEF3C30000-0x000007FEF3C48000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2872-88-0x000007FEF3C10000-0x000007FEF3C26000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2872-89-0x000007FEF3BE0000-0x000007FEF3C09000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2872-90-0x000007FEF3BC0000-0x000007FEF3BD2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2872-92-0x000007FEF3B80000-0x000007FEF3B91000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2872-91-0x000007FEF3BA0000-0x000007FEF3BB1000-memory.dmp

    Filesize

    68KB

    Download