Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

getscreen-...86.exe

windows7-x64

7

getscreen-...86.exe

windows10-2004-x64

Analysis

  • max time kernel
    53s
  • max time network
    60s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/03/2024, 07:18

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    getscreen-741290987-x86.exe

  • Size

    3.5MB

  • MD5

    7934e3fdb6a906d5fd32fd1055dad2cf

  • SHA1

    7461fc1ca4fdb7f96fd6e82044027304c55668ee

  • SHA256

    de246a85f33ecdbf6b0412d0aa34492e52d7047c50a901a990e7d73902b175bf

  • SHA512

    f4ec858706c869f976e2d09a65af27bbe6ddb2c64add907a785bb4296b6e87807f511bcdd0d3b8b1aa05a62a5f9f3854c5960bdb655f0a400e869fe7c40fb36e

  • SSDEEP

    49152:6dQ4omSYtiblkFLMYzIcE1x4MjjYp30g0KKpF1cER3iRHFdAQupummsDLlhySYJH:uQxmb+SpjxB0NpF6a37uuR0JxF5+g

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 21 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 15 IoCs
  • Modifies registry class 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\getscreen-741290987-x86.exe
    "C:\Users\Admin\AppData\Local\Temp\getscreen-741290987-x86.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2908
    • C:\Users\Admin\AppData\Local\Temp\getscreen-741290987-x86.exe
      "C:\Users\Admin\AppData\Local\Temp\getscreen-741290987-x86.exe" -gpipe \\.\pipe\PCommand97osyqldmkpjvexbw -gui
      2⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3652
    • C:\Users\Admin\AppData\Local\Temp\getscreen-741290987-x86.exe
      "C:\Users\Admin\AppData\Local\Temp\getscreen-741290987-x86.exe" -cpipe \\.\pipe\PCommand96vxaqfkjimofsvef -child
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3464
    • C:\Users\Admin\AppData\Local\Temp\getscreen-741290987-x86.exe
      "C:\Users\Admin\AppData\Local\Temp\getscreen-741290987-x86.exe" -epipe \\.\pipe\PCommand98phqghumeaylnlfd -environment
      2⤵
        PID:2196
      • C:\Users\Admin\AppData\Local\Temp\getscreen-741290987-x86.exe
        "C:\Users\Admin\AppData\Local\Temp\getscreen-741290987-x86.exe" -cpipe \\.\pipe\PCommand96vxaqfkjimofsvef -child
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2956
    • C:\ProgramData\Getscreen.me\nxjatraklibhabzmnubnxlrleiytlev-elevate.exe
      "C:\ProgramData\Getscreen.me\nxjatraklibhabzmnubnxlrleiytlev-elevate.exe" -elevate \\.\pipe\elevateGS512nxjatraklibhabzmnubnxlrleiytlev
      1⤵
      • Executes dropped EXE
      PID:1744
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x4 /state0:0xa3952055 /state1:0x41c64e6d
      1⤵
      • Modifies data under HKEY_USERS
      • Suspicious use of SetWindowsHookEx
      PID:2360

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\Getscreen.me\logs\20240305.log
      Filesize

      726B

      MD5

      a57cd38ea9af872ac73e628ed80c8ec4

      SHA1

      de0b581fd9a792149d51f727722e66a4a768c019

      SHA256

      001e88d0d5172e7edc2bce9be08eef8956cced28a62c7b652e6f14836217bddf

      SHA512

      59d1ca5b02e8d74e0745b387ca6544044227b425315669aa295657c953bbfb1716bf3ec1bb775192caa9091a93511fb007efecf942fb063879a369fbaa4447ff

      Download Submit

    • C:\ProgramData\Getscreen.me\logs\20240305.log
      Filesize

      2KB

      MD5

      1c31e47577f3de6becdef76ea153d2a7

      SHA1

      f4ab8b129e34496bba2cd4c3ae58cdd36b9d6208

      SHA256

      a5f30424b7bc529558fb1cc6996bed14fd4c78f33ad93934bf2ff23e6bb97ee2

      SHA512

      e8790ec10a43e571a486c5bdfa34ee21a757248259e18ae493cf97d9171f1a0d8e0625531741c6daa4d050c2f0248afa27f3ba6d53f3ac9d1761950b7c451cac

      Download Submit

    • C:\ProgramData\Getscreen.me\logs\20240305.log
      Filesize

      261B

      MD5

      30e7633bdd36448c26a733a2462fe398

      SHA1

      1953625edf494c8bb4ef604258f16063dcfd1c98

      SHA256

      c0b16608d841a3f93d3d414f4d02934d3cb4de3237498ada958063f012033245

      SHA512

      17ab629c7f043760aacd9e22117a2459b8878a3d598ce275e914779983595208291920fe3073faaa48462068a7d2779a9284c7328fe074c8005a5ce38f17870a

      Download Submit

    • C:\ProgramData\Getscreen.me\logs\20240305.log
      Filesize

      17KB

      MD5

      5535fd6106b64fcfaa51ed7f33b60091

      SHA1

      db978875c13a2a9f4407d497390edeaba388c3fd

      SHA256

      b6a2712a2283e62fea2a250236ffbc602c502b32da0082ee3af5b5d44e0b5a5e

      SHA512

      78e8eba3f79d44bedad8ea020080f1fff890845e30f0b896718474c214acba8591603e024c78c06efad989958313192f1ed8dba063d5a8133e92d0d16636527e

      Download Submit

    • C:\ProgramData\Getscreen.me\logs\20240305.log
      Filesize

      34KB

      MD5

      c2e72ab58067058b2e973a3051146a6e

      SHA1

      cf8e8fc036f2b5b98086ed55f49fe6494c1e1a85

      SHA256

      48a7dba1d7cf001ee1e5849115069ec181f04933cac970e3823e1f2ca2d11bbc

      SHA512

      5915db7aa52e6ee757cd897870ecfb15ac68a85470f9ad2b0235da797869c0a137420aecee6c36521dae1142f652405e8ee32c9111e377ed6573d6121abb07b4

      Download Submit

    • C:\ProgramData\Getscreen.me\memory\0000pipe0PCommand96vxaqfkjimofsvef0
      Filesize

      16.0MB

      MD5

      101aca71a5fc6af598fd222b4e42e0f3

      SHA1

      2e78790bae422cbd054cdf784927ad1780ca6456

      SHA256

      a10f2a41cdf8e666028d7b6e8f2fcfd1d9dc45e49b35ac16f59e1f496168b68e

      SHA512

      2fedcca5deb237617bd3cb3008d827b0f1530525b4782beb74ad32d0b37b22ad67b860a462013188022a4137cdc486972b36d9915c1f30101079df7312902f9e

      Download Submit

    • C:\ProgramData\Getscreen.me\memory\0000pipe0PCommand96vxaqfkjimofsvef0
      Filesize

      7.1MB

      MD5

      6ccc257d52d9f23a2fc89993fc12a31f

      SHA1

      16d34b7eddbc5f8a9119173e779e4de5e6594199

      SHA256

      e8058a08a8b43b116f90537d58a5c72c64c6b48dd3482a6a876348cef800f292

      SHA512

      dc9567817642f2a3ea57550cee78d00d7c3c96a795eae0cf5bb3ccb6ff5d60f62ca188eeea0722660ae978167e908a925f44e1ba4548550da103b7c2d774ffb1

      Download Submit

    • C:\ProgramData\Getscreen.me\nxjatraklibhabzmnubnxlrleiytlev-elevate.exe
      Filesize

      3.5MB

      MD5

      7934e3fdb6a906d5fd32fd1055dad2cf

      SHA1

      7461fc1ca4fdb7f96fd6e82044027304c55668ee

      SHA256

      de246a85f33ecdbf6b0412d0aa34492e52d7047c50a901a990e7d73902b175bf

      SHA512

      f4ec858706c869f976e2d09a65af27bbe6ddb2c64add907a785bb4296b6e87807f511bcdd0d3b8b1aa05a62a5f9f3854c5960bdb655f0a400e869fe7c40fb36e

      Download Submit

    • memory/1744-15-0x00000000008A0000-0x0000000001F8F000-memory.dmp

      Filesize

      22.9MB

      Download

    • memory/1744-14-0x00000000008A0000-0x0000000001F8F000-memory.dmp

      Filesize

      22.9MB

      Download

    • memory/2196-37-0x0000000000910000-0x0000000001FFF000-memory.dmp

      Filesize

      22.9MB

      Download

    • memory/2196-40-0x0000000000910000-0x0000000001FFF000-memory.dmp

      Filesize

      22.9MB

      Download

    • memory/2908-46-0x0000000000910000-0x0000000001FFF000-memory.dmp

      Filesize

      22.9MB

      Download

    • memory/2908-35-0x0000000000910000-0x0000000001FFF000-memory.dmp

      Filesize

      22.9MB

      Download

    • memory/2908-19-0x0000000000910000-0x0000000001FFF000-memory.dmp

      Filesize

      22.9MB

      Download

    • memory/2908-0-0x0000000000910000-0x0000000001FFF000-memory.dmp

      Filesize

      22.9MB

      Download

    • memory/2908-44-0x0000000000910000-0x0000000001FFF000-memory.dmp

      Filesize

      22.9MB

      Download

    • memory/2908-52-0x0000000000910000-0x0000000001FFF000-memory.dmp

      Filesize

      22.9MB

      Download

    • memory/2956-50-0x0000000000910000-0x0000000001FFF000-memory.dmp

      Filesize

      22.9MB

      Download

    • memory/2956-45-0x0000000000910000-0x0000000001FFF000-memory.dmp

      Filesize

      22.9MB

      Download

    • memory/3464-16-0x0000000000910000-0x0000000001FFF000-memory.dmp

      Filesize

      22.9MB

      Download

    • memory/3464-32-0x0000000000910000-0x0000000001FFF000-memory.dmp

      Filesize

      22.9MB

      Download

    • memory/3652-36-0x0000000000910000-0x0000000001FFF000-memory.dmp

      Filesize

      22.9MB

      Download

    • memory/3652-33-0x0000000000910000-0x0000000001FFF000-memory.dmp

      Filesize

      22.9MB

      Download

    • memory/3652-47-0x0000000000910000-0x0000000001FFF000-memory.dmp

      Filesize

      22.9MB

      Download

    • memory/3652-48-0x0000000000910000-0x0000000001FFF000-memory.dmp

      Filesize

      22.9MB

      Download

    • memory/3652-51-0x0000000000910000-0x0000000001FFF000-memory.dmp

      Filesize

      22.9MB

      Download

    • memory/3652-4-0x0000000000910000-0x0000000001FFF000-memory.dmp

      Filesize

      22.9MB

      Download