Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

graveyards...02.exe

windows7-x64

7

graveyards...02.exe

windows10-2004-x64

7

Resubmissions

30/06/2024, 13:17

240630-qjt9taybpg 7

30/06/2024, 13:09

240630-qdstss1glp 7

30/06/2024, 03:17

240630-dtg11stalh 7

30/06/2024, 03:03

240630-dkejjawfnp 7

Analysis

  • max time kernel
    123s
  • max time network
    168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    30/06/2024, 03:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    graveyardshiftatfreddysdemo102.exe

  • Size

    163.2MB

  • MD5

    811e3512d113c87c4cfe13f4cc24f2bc

  • SHA1

    d728c08e47a45fd29ab49667207cff915592cba5

  • SHA256

    200ad283a72005b069d0025999780e6fac7821626fbffb46a9096ad24c8d6962

  • SHA512

    10da601c48e4299e3b38d1681fb26c0969ff91e5c9d0c1022dd3b0129b6f49ba4f87e592176c532843c922d39fbef3916c9406d146c68700394073a2812b6850

  • SSDEEP

    3145728:IvIk1XGhMVF3Qa4/JnpiL/l/XUXnCVCeXVa5J7xpUpH9:k57VF3Q1iRUXnCVXXVa5VxpUpd

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 17 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\graveyardshiftatfreddysdemo102.exe
    "C:\Users\Admin\AppData\Local\Temp\graveyardshiftatfreddysdemo102.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2340
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3508 --field-trial-handle=2004,i,3518780201612530827,12523116488201166376,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:532

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\Box2DBase.mfx
      Filesize

      287KB

      MD5

      0572d03da13e13cecdccff2e64f9f4f5

      SHA1

      a1fcc08ac261edeb3c2b95f007c93fe1398583c7

      SHA256

      c4507e348be20dacff1caf80047009924a7dafde2f6d4fcd3a119e36c3b0a259

      SHA512

      68790d0a9b0ccac5389e551408c10bcb2430daa28162bf8de29fe327c78c72bc61181366d6e0f61ba661977daa825aa865255b71ba4cd0ecbc0f403d608d71d0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\Box2DParticules.mfx
      Filesize

      125KB

      MD5

      285d57468bc22f79d6d244db2787f9c0

      SHA1

      73d27e8ad6b14ae148afb858f6b2583f14820915

      SHA256

      d5596235a137139c43d429fd1099c4b66be6fc89ee61b80171f03489d316be28

      SHA512

      461e4029677ae393853c88510ae48d1c8d1a2ba4dde50d8e11da226b646397f2e5dd958b53ab1e614f9917742b85deaa56dc0f38c4b7763012f5e82f89a733fa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\Easing.mfx
      Filesize

      341KB

      MD5

      3920bb2225392a9c9fff0341d5629fb1

      SHA1

      f343ea16abbca4719fef5ff1dfa0847032ca9b96

      SHA256

      2005746083dbf962c0d22eda7a09ca065429f3d3f282129cc6c8b7295535ee75

      SHA512

      c162265eb220daaa36b478235f1ea8f1e6565a25584b568444fa89a59f1c3aa3778312fcb866a95fb320f1fc832045feff62ef7d8dac4ae4d79b9631a0094f59

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\INI++15.mfx
      Filesize

      439KB

      MD5

      760454c677adda4b319272641680e331

      SHA1

      348f18fb00889c3058451c2f034b51d6965522af

      SHA256

      4f7e3cc575de56d815589db22a1d96760e2f309e58b9bde1a57e108bda069393

      SHA512

      62f4d9c151adf2ce2430028185241f890849b3b0c2a11b5cc8c0e74bb3c02f3246e3abdc4031b75d2aaba9f24c26e60b165c410c2bf7c4e0569b34882b8477a7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\KcCursor.mfx
      Filesize

      36KB

      MD5

      7f13cd709928cf74d10925042a674e1e

      SHA1

      3e831d6b162a606368ed173807fe75029052e0ed

      SHA256

      947a3320e1d7d5d48dd4e86c76238c37f9e67388ceb24732023c47802733f873

      SHA512

      9a4c3b6420f70f5bbd994091fa6634bbb05f7b8e891bab71556a703c768870ef8271b27b88749d9eddbd006dfeaed0fb86950543f347ef71c27dfa4920040001

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\Layer.mfx
      Filesize

      140KB

      MD5

      ef12eb1b8b4a804bca741734787fdfd2

      SHA1

      43b8f7571067bfd2d7762f6d5c69fb6978894f37

      SHA256

      b8612eb76d8967e49e9ba74a2cbd557096bacfbdb2c6e84d69d381b76d42052e

      SHA512

      55c2aa823ff69bea48948b04912e1d31465d9a9817ef53fda2957d44451d58fdb2efcf3c40c8431d26d8663f70729e57bbddaeca848ab4d6658f0d5b211d2f2d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\kcfile.mfx
      Filesize

      116KB

      MD5

      fe2b4c6a45ce244f1c40f730008465c9

      SHA1

      9dfd41a915c19a4520a3024e9133e9a24e61779f

      SHA256

      7daa995fbf72b941859177b08b2785dc107f1a3deb99f6ab4c675d2b0f03a06b

      SHA512

      caf9e1bba2a5560b73c47d116f0f0f016a88f54e5397499fcd5b8a648bf676b93eb255a32fe7f71f0462b481737eba2d01cb9e790b75897c44ea741d73867b39

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\kcplugin.mfx
      Filesize

      24KB

      MD5

      3735e9e74bd2933ff7317cb500d9a1e5

      SHA1

      4bb8db39a5fec92473bcb590619c5d2015addcc7

      SHA256

      10491218743ff2421d8d5cbbe622afc23b2256f27cebbd5ad6f035d914b9a2bf

      SHA512

      2484cc4b2b4c939b3063c7877bd9e0672e907a19515951ff658427ad167d7ad1d46b5d46099f0bcb84753cf34ea557b28ea3a6950fc8f0516c98231df7ca8670

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\mmf2d3d11.dll
      Filesize

      548KB

      MD5

      07163378491db6156398fc8e6582564d

      SHA1

      6c702d8501431d38e8d392093795444a3900b004

      SHA256

      2aeca2207c6dabb6fc70f164f3d6188ed76f7786344654592ecef1752528ed13

      SHA512

      296a0d861450a9c1e6724a6c03be38940dcad202a0a10002eae744d2c532a087e7c37c6088a3281fcd83ac197a0af4105a3c3157ee2527106d586be5993248b3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\mmf2d3d9.dll
      Filesize

      1.1MB

      MD5

      72bb9180f8905c0da95566b778cdac5e

      SHA1

      e96145e8120514092b35f67f1f120b958997f921

      SHA256

      3cde7a9181ab63a42cd3535d279d0ab1397b7b78fa3ddddef832757ab2024101

      SHA512

      c2c8d8c74c53a78545e69f27a7fe1a6d1291888158962e93e16e6ec9950f86e74c68bd2eb50d04db0bff58e8dc93455aa384245991c5afe34abee36fef53710f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\mmfs2.dll
      Filesize

      510KB

      MD5

      1e0e5acec2f2d3567c40491e39aa8f50

      SHA1

      101ec3bbd32c005b12b38c0f7988faa9329a019f

      SHA256

      6c9ff6036404e71b0bc2c12bc739eeef0d9200925f5796487af2aa4ef5c5ef97

      SHA512

      80bbdd2dcc44494a53b14098b7e99db7c20b40650938454105b423e70906ad7371274ed73d3fccd114b9396112a695aebf37f6916976a972154cd562d10e01de

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\oggflt.sft
      Filesize

      130KB

      MD5

      0c8c1ee3ba92189f4ce21d1b396a2765

      SHA1

      b7daa4a6e16416151dccbb0a89f304961b6cb627

      SHA256

      9e589f86317d840df9bb74f6ee20c24ca65afe58f4009740382f63a0f5531941

      SHA512

      0a4339092ac55bac3b1bdfaaa3401020f8f49918bd2fdb14524f3d558eb840b876aedfdeb54a1da163fa36393abf3fe8ab7e112a34ea9d891e82a22e96c85ddc

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\waveFlt.sft
      Filesize

      8KB

      MD5

      57ea61dd14314ef155e80c6a0be8a664

      SHA1

      963b0ef2fe976ff77044a821fe1e29be4a8cf8a7

      SHA256

      92a5053cf5973a6aa228c738d55387f12f1dfa8a837d7b938c60f05b6b56b3ad

      SHA512

      cc23cb30d76d22500c3ed7ce9ee0388588309d0779441b95559fce25a42f1eff52ca285c347655f8b33c15b75f9d2067738a151f81f605d3b563799a3a06c9a9

      Download Submit

    • memory/2340-41-0x0000000002C10000-0x0000000002C32000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2340-28-0x0000000002B90000-0x0000000002BD9000-memory.dmp

      Filesize

      292KB

      Download

    • memory/2340-56-0x0000000002D70000-0x0000000002D94000-memory.dmp

      Filesize

      144KB

      Download