Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

12/02/2024, 13:53

240212-q69b9afc5s 10

12/02/2024, 13:52

240212-q6r3zafc3w 10

12/02/2024, 13:34

240212-qt47rsge54 10

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/02/2024, 13:52

General

  • Target

    GBWhatsApp_v17.60.apk

  • Size

    75.6MB

  • MD5

    d73fa603bb7dfbd53f2ec4d05617b9e0

  • SHA1

    86f18b9d0ce32f3ff1c608ae4317329e4da44e1d

  • SHA256

    3e596694e6c74a1991490f4bde5e2404fc1b6d57af8499b7fc67adb44e17394e

  • SHA512

    4e004ec348e58f8229d1e3b5d2137b64dc09234d355425d8fa5544e67a4d4d80d3e098c2ba7bd5659e443050bae7a404e1a35a2341cd6809b5e83e1078d8bbc2

  • SSDEEP

    1572864:2R4YowDIMNvpPjEYr3V1c4sQ0MmDKPwpJ4qHSXKTHcvmM0hV:26YoEXEqFR0rDG0THSmZV

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\GBWhatsApp_v17.60.apk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2928
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\GBWhatsApp_v17.60.apk
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1076
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\GBWhatsApp_v17.60.apk"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2644

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    d7f63cef21635cf5e332803c259108fb

    SHA1

    4a5b536f52307b71591a36118269e21465b308ac

    SHA256

    a69a6e493c1e8bf232cd3a3b93c8862f5f40d2816d2dbc7f38c2d8f311e3be32

    SHA512

    16b78c32b664668e18e318dc5967f0e8f1464af088e5bf049e5f97c64b20554b48d2bc9d6d772bc4b7113867cf3b4478391056d738ab122825a28ebb57c0e1a0