Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

GUI.exe

windows11-21h2-x64

1

Resubmissions

19/04/2024, 20:42

240419-zg5r7sfa67 3

19/04/2024, 20:41

240419-zgv8rsfa63 3

Analysis

  • max time kernel
    14s
  • max time network
    21s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    19/04/2024, 20:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GUI.exe

  • Size

    81KB

  • MD5

    6b33e924889c6c7d9b4b5c0867aaf79e

  • SHA1

    06e8bc356ae90e4176edf62c2d5eb0d1f882e7a8

  • SHA256

    fcea93fa37e5b12901ae32909f836742caf9598739fd3223da19152b29eaabc5

  • SHA512

    beb4c9cacc3acbba150aad6d46e3a4fca1cc985b000248335dbceebe198e9566bb104a04b1fdf61324a731ce31a1954fd82165888033c69c907a3dc34e50ca28

  • SSDEEP

    1536:+2Y0VNblnigen1FQGpaika1PASjg/oIRk:+23rbZi/8GprF3jg/oqk

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 36 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\GUI.exe
    "C:\Users\Admin\AppData\Local\Temp\GUI.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c mode con:cols=0120 lines=0030
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3280
      • C:\Windows\SysWOW64\mode.com
        mode con:cols=0120 lines=0030
        3⤵
          PID:2948
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c title Window Title
        2⤵
          PID:5664
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c if not exist "C:\Users\Admin\AppData\Local\Temp\myfiles" mkdir "C:\Users\Admin\AppData\Local\Temp\myfiles"
          2⤵
            PID:2920
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c if not exist "C:\Users\Admin\AppData\Local\Temp\wtmpd" mkdir "C:\Users\Admin\AppData\Local\Temp\wtmpd"
            2⤵
              PID:2832
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c attrib +h C:\Users\Admin\AppData\Local\Temp\wtmpd
              2⤵
              • Suspicious use of WriteProcessMemory
              PID:5208
              • C:\Windows\SysWOW64\attrib.exe
                attrib +h C:\Users\Admin\AppData\Local\Temp\wtmpd
                3⤵
                • Views/modifies file attributes
                PID:3624
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c echo:0>C:\Users\Admin\AppData\Local\Temp\i6.t
              2⤵
                PID:2248
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\i6.bat
                2⤵
                  PID:2968
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c
                  2⤵
                    PID:3116
                  • C:\Windows\SysWOW64\cmd.exe
                    C:\Windows\system32\cmd.exe /c pause
                    2⤵
                      PID:4612
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /c
                      2⤵
                        PID:5000

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Temp\i6.bat
                      Filesize

                      173B

                      MD5

                      0f8f70e88009593eefaa155a8e31b1d6

                      SHA1

                      eabcc3f2135e0919e9456da0a4b1084f3382d4b6

                      SHA256

                      941c169c07670650fc6c6148c1cae068b69bac209e05010594e164aafc7cdf8b

                      SHA512

                      94df468b963f3c9d133a25e1ffa57039fac01fe960f0f738552ca6440e6242ff48d0b410fe70dd05a62e4842c925c9f2b0220ca9eb9cb4ff5490ada443c9a750

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\i6.t
                      Filesize

                      3B

                      MD5

                      a5ea0ad9260b1550a14cc58d2c39b03d

                      SHA1

                      f0aedf295071ed34ab8c6a7692223d22b6a19841

                      SHA256

                      f1b2f662800122bed0ff255693df89c4487fbdcf453d3524a42d4ec20c3d9c04

                      SHA512

                      7c735c613ece191801114785c1ee26a0485cbf1e8ee2c3b85ba1ad290ef75eec9fede5e1a5dc26d504701f3542e6b6457818f4c1d62448d0db40d5f35c357d74

                      Download Submit