Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

graveyards...02.exe

windows7-x64

7

Resubmissions

30/06/2024, 13:17

240630-qjt9taybpg 7

30/06/2024, 13:09

240630-qdstss1glp 7

30/06/2024, 03:17

240630-dtg11stalh 7

30/06/2024, 03:03

240630-dkejjawfnp 7

Analysis

  • max time kernel
    120s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    30/06/2024, 13:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    graveyardshiftatfreddysdemo102.exe

  • Size

    163.2MB

  • MD5

    811e3512d113c87c4cfe13f4cc24f2bc

  • SHA1

    d728c08e47a45fd29ab49667207cff915592cba5

  • SHA256

    200ad283a72005b069d0025999780e6fac7821626fbffb46a9096ad24c8d6962

  • SHA512

    10da601c48e4299e3b38d1681fb26c0969ff91e5c9d0c1022dd3b0129b6f49ba4f87e592176c532843c922d39fbef3916c9406d146c68700394073a2812b6850

  • SSDEEP

    3145728:IvIk1XGhMVF3Qa4/JnpiL/l/XUXnCVCeXVa5J7xpUpH9:k57VF3Q1iRUXnCVXXVa5VxpUpd

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 13 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\graveyardshiftatfreddysdemo102.exe
    "C:\Users\Admin\AppData\Local\Temp\graveyardshiftatfreddysdemo102.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\Box2DBase.mfx
    Filesize

    287KB

    MD5

    0572d03da13e13cecdccff2e64f9f4f5

    SHA1

    a1fcc08ac261edeb3c2b95f007c93fe1398583c7

    SHA256

    c4507e348be20dacff1caf80047009924a7dafde2f6d4fcd3a119e36c3b0a259

    SHA512

    68790d0a9b0ccac5389e551408c10bcb2430daa28162bf8de29fe327c78c72bc61181366d6e0f61ba661977daa825aa865255b71ba4cd0ecbc0f403d608d71d0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\Box2DParticules.mfx
    Filesize

    125KB

    MD5

    285d57468bc22f79d6d244db2787f9c0

    SHA1

    73d27e8ad6b14ae148afb858f6b2583f14820915

    SHA256

    d5596235a137139c43d429fd1099c4b66be6fc89ee61b80171f03489d316be28

    SHA512

    461e4029677ae393853c88510ae48d1c8d1a2ba4dde50d8e11da226b646397f2e5dd958b53ab1e614f9917742b85deaa56dc0f38c4b7763012f5e82f89a733fa

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\Easing.mfx
    Filesize

    341KB

    MD5

    3920bb2225392a9c9fff0341d5629fb1

    SHA1

    f343ea16abbca4719fef5ff1dfa0847032ca9b96

    SHA256

    2005746083dbf962c0d22eda7a09ca065429f3d3f282129cc6c8b7295535ee75

    SHA512

    c162265eb220daaa36b478235f1ea8f1e6565a25584b568444fa89a59f1c3aa3778312fcb866a95fb320f1fc832045feff62ef7d8dac4ae4d79b9631a0094f59

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\INI++15.mfx
    Filesize

    439KB

    MD5

    760454c677adda4b319272641680e331

    SHA1

    348f18fb00889c3058451c2f034b51d6965522af

    SHA256

    4f7e3cc575de56d815589db22a1d96760e2f309e58b9bde1a57e108bda069393

    SHA512

    62f4d9c151adf2ce2430028185241f890849b3b0c2a11b5cc8c0e74bb3c02f3246e3abdc4031b75d2aaba9f24c26e60b165c410c2bf7c4e0569b34882b8477a7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\KcCursor.mfx
    Filesize

    36KB

    MD5

    7f13cd709928cf74d10925042a674e1e

    SHA1

    3e831d6b162a606368ed173807fe75029052e0ed

    SHA256

    947a3320e1d7d5d48dd4e86c76238c37f9e67388ceb24732023c47802733f873

    SHA512

    9a4c3b6420f70f5bbd994091fa6634bbb05f7b8e891bab71556a703c768870ef8271b27b88749d9eddbd006dfeaed0fb86950543f347ef71c27dfa4920040001

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\Layer.mfx
    Filesize

    140KB

    MD5

    ef12eb1b8b4a804bca741734787fdfd2

    SHA1

    43b8f7571067bfd2d7762f6d5c69fb6978894f37

    SHA256

    b8612eb76d8967e49e9ba74a2cbd557096bacfbdb2c6e84d69d381b76d42052e

    SHA512

    55c2aa823ff69bea48948b04912e1d31465d9a9817ef53fda2957d44451d58fdb2efcf3c40c8431d26d8663f70729e57bbddaeca848ab4d6658f0d5b211d2f2d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\kcfile.mfx
    Filesize

    116KB

    MD5

    fe2b4c6a45ce244f1c40f730008465c9

    SHA1

    9dfd41a915c19a4520a3024e9133e9a24e61779f

    SHA256

    7daa995fbf72b941859177b08b2785dc107f1a3deb99f6ab4c675d2b0f03a06b

    SHA512

    caf9e1bba2a5560b73c47d116f0f0f016a88f54e5397499fcd5b8a648bf676b93eb255a32fe7f71f0462b481737eba2d01cb9e790b75897c44ea741d73867b39

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\kcplugin.mfx
    Filesize

    24KB

    MD5

    3735e9e74bd2933ff7317cb500d9a1e5

    SHA1

    4bb8db39a5fec92473bcb590619c5d2015addcc7

    SHA256

    10491218743ff2421d8d5cbbe622afc23b2256f27cebbd5ad6f035d914b9a2bf

    SHA512

    2484cc4b2b4c939b3063c7877bd9e0672e907a19515951ff658427ad167d7ad1d46b5d46099f0bcb84753cf34ea557b28ea3a6950fc8f0516c98231df7ca8670

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\mmf2d3d11.dll
    Filesize

    548KB

    MD5

    07163378491db6156398fc8e6582564d

    SHA1

    6c702d8501431d38e8d392093795444a3900b004

    SHA256

    2aeca2207c6dabb6fc70f164f3d6188ed76f7786344654592ecef1752528ed13

    SHA512

    296a0d861450a9c1e6724a6c03be38940dcad202a0a10002eae744d2c532a087e7c37c6088a3281fcd83ac197a0af4105a3c3157ee2527106d586be5993248b3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\mmf2d3d9.dll
    Filesize

    1.1MB

    MD5

    72bb9180f8905c0da95566b778cdac5e

    SHA1

    e96145e8120514092b35f67f1f120b958997f921

    SHA256

    3cde7a9181ab63a42cd3535d279d0ab1397b7b78fa3ddddef832757ab2024101

    SHA512

    c2c8d8c74c53a78545e69f27a7fe1a6d1291888158962e93e16e6ec9950f86e74c68bd2eb50d04db0bff58e8dc93455aa384245991c5afe34abee36fef53710f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\mmfs2.dll
    Filesize

    510KB

    MD5

    1e0e5acec2f2d3567c40491e39aa8f50

    SHA1

    101ec3bbd32c005b12b38c0f7988faa9329a019f

    SHA256

    6c9ff6036404e71b0bc2c12bc739eeef0d9200925f5796487af2aa4ef5c5ef97

    SHA512

    80bbdd2dcc44494a53b14098b7e99db7c20b40650938454105b423e70906ad7371274ed73d3fccd114b9396112a695aebf37f6916976a972154cd562d10e01de

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\oggflt.sft
    Filesize

    130KB

    MD5

    0c8c1ee3ba92189f4ce21d1b396a2765

    SHA1

    b7daa4a6e16416151dccbb0a89f304961b6cb627

    SHA256

    9e589f86317d840df9bb74f6ee20c24ca65afe58f4009740382f63a0f5531941

    SHA512

    0a4339092ac55bac3b1bdfaaa3401020f8f49918bd2fdb14524f3d558eb840b876aedfdeb54a1da163fa36393abf3fe8ab7e112a34ea9d891e82a22e96c85ddc

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\waveFlt.sft
    Filesize

    8KB

    MD5

    57ea61dd14314ef155e80c6a0be8a664

    SHA1

    963b0ef2fe976ff77044a821fe1e29be4a8cf8a7

    SHA256

    92a5053cf5973a6aa228c738d55387f12f1dfa8a837d7b938c60f05b6b56b3ad

    SHA512

    cc23cb30d76d22500c3ed7ce9ee0388588309d0779441b95559fce25a42f1eff52ca285c347655f8b33c15b75f9d2067738a151f81f605d3b563799a3a06c9a9

    Download Submit

  • memory/2092-38-0x0000000000DB0000-0x0000000000DD2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2092-26-0x0000000000370000-0x00000000003B9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/2092-50-0x0000000002630000-0x0000000002654000-memory.dmp

    Filesize

    144KB

    Download