Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

graveyards...02.exe

windows7-x64

7

Resubmissions

30/06/2024, 13:17 UTC

240630-qjt9taybpg 7

30/06/2024, 13:09 UTC

240630-qdstss1glp 7

30/06/2024, 03:17 UTC

240630-dtg11stalh 7

30/06/2024, 03:03 UTC

240630-dkejjawfnp 7

Analysis

  • max time kernel
    261s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    30/06/2024, 13:17 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    graveyardshiftatfreddysdemo102.exe

  • Size

    163.2MB

  • MD5

    811e3512d113c87c4cfe13f4cc24f2bc

  • SHA1

    d728c08e47a45fd29ab49667207cff915592cba5

  • SHA256

    200ad283a72005b069d0025999780e6fac7821626fbffb46a9096ad24c8d6962

  • SHA512

    10da601c48e4299e3b38d1681fb26c0969ff91e5c9d0c1022dd3b0129b6f49ba4f87e592176c532843c922d39fbef3916c9406d146c68700394073a2812b6850

  • SSDEEP

    3145728:IvIk1XGhMVF3Qa4/JnpiL/l/XUXnCVCeXVa5J7xpUpH9:k57VF3Q1iRUXnCVXXVa5VxpUpd

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 13 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\graveyardshiftatfreddysdemo102.exe
    "C:\Users\Admin\AppData\Local\Temp\graveyardshiftatfreddysdemo102.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\theresnosteak\GSaF\burger.ini
    Filesize

    56B

    MD5

    84150f0d0510cb0a05e1b026f94ca7bf

    SHA1

    18e3f0ae6ad84efb5a9682935cf5532631860791

    SHA256

    aa37e1ee4c2e0ca8b44ae047b06ae3c17036ead59eafccf0a9a9161c03cbc708

    SHA512

    3fad27ee09d26088214f1dca01f999e5054b80499c76107c974519daaa0155255624f3b56d95794d66dbb7c3334a0b06af811c936370674391c6f3578a7a1722

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\Box2DBase.mfx
    Filesize

    287KB

    MD5

    0572d03da13e13cecdccff2e64f9f4f5

    SHA1

    a1fcc08ac261edeb3c2b95f007c93fe1398583c7

    SHA256

    c4507e348be20dacff1caf80047009924a7dafde2f6d4fcd3a119e36c3b0a259

    SHA512

    68790d0a9b0ccac5389e551408c10bcb2430daa28162bf8de29fe327c78c72bc61181366d6e0f61ba661977daa825aa865255b71ba4cd0ecbc0f403d608d71d0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\Box2DParticules.mfx
    Filesize

    125KB

    MD5

    285d57468bc22f79d6d244db2787f9c0

    SHA1

    73d27e8ad6b14ae148afb858f6b2583f14820915

    SHA256

    d5596235a137139c43d429fd1099c4b66be6fc89ee61b80171f03489d316be28

    SHA512

    461e4029677ae393853c88510ae48d1c8d1a2ba4dde50d8e11da226b646397f2e5dd958b53ab1e614f9917742b85deaa56dc0f38c4b7763012f5e82f89a733fa

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\Easing.mfx
    Filesize

    341KB

    MD5

    3920bb2225392a9c9fff0341d5629fb1

    SHA1

    f343ea16abbca4719fef5ff1dfa0847032ca9b96

    SHA256

    2005746083dbf962c0d22eda7a09ca065429f3d3f282129cc6c8b7295535ee75

    SHA512

    c162265eb220daaa36b478235f1ea8f1e6565a25584b568444fa89a59f1c3aa3778312fcb866a95fb320f1fc832045feff62ef7d8dac4ae4d79b9631a0094f59

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\INI++15.mfx
    Filesize

    439KB

    MD5

    760454c677adda4b319272641680e331

    SHA1

    348f18fb00889c3058451c2f034b51d6965522af

    SHA256

    4f7e3cc575de56d815589db22a1d96760e2f309e58b9bde1a57e108bda069393

    SHA512

    62f4d9c151adf2ce2430028185241f890849b3b0c2a11b5cc8c0e74bb3c02f3246e3abdc4031b75d2aaba9f24c26e60b165c410c2bf7c4e0569b34882b8477a7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\KcCursor.mfx
    Filesize

    36KB

    MD5

    7f13cd709928cf74d10925042a674e1e

    SHA1

    3e831d6b162a606368ed173807fe75029052e0ed

    SHA256

    947a3320e1d7d5d48dd4e86c76238c37f9e67388ceb24732023c47802733f873

    SHA512

    9a4c3b6420f70f5bbd994091fa6634bbb05f7b8e891bab71556a703c768870ef8271b27b88749d9eddbd006dfeaed0fb86950543f347ef71c27dfa4920040001

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\Layer.mfx
    Filesize

    140KB

    MD5

    ef12eb1b8b4a804bca741734787fdfd2

    SHA1

    43b8f7571067bfd2d7762f6d5c69fb6978894f37

    SHA256

    b8612eb76d8967e49e9ba74a2cbd557096bacfbdb2c6e84d69d381b76d42052e

    SHA512

    55c2aa823ff69bea48948b04912e1d31465d9a9817ef53fda2957d44451d58fdb2efcf3c40c8431d26d8663f70729e57bbddaeca848ab4d6658f0d5b211d2f2d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\kcfile.mfx
    Filesize

    116KB

    MD5

    fe2b4c6a45ce244f1c40f730008465c9

    SHA1

    9dfd41a915c19a4520a3024e9133e9a24e61779f

    SHA256

    7daa995fbf72b941859177b08b2785dc107f1a3deb99f6ab4c675d2b0f03a06b

    SHA512

    caf9e1bba2a5560b73c47d116f0f0f016a88f54e5397499fcd5b8a648bf676b93eb255a32fe7f71f0462b481737eba2d01cb9e790b75897c44ea741d73867b39

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\kcplugin.mfx
    Filesize

    24KB

    MD5

    3735e9e74bd2933ff7317cb500d9a1e5

    SHA1

    4bb8db39a5fec92473bcb590619c5d2015addcc7

    SHA256

    10491218743ff2421d8d5cbbe622afc23b2256f27cebbd5ad6f035d914b9a2bf

    SHA512

    2484cc4b2b4c939b3063c7877bd9e0672e907a19515951ff658427ad167d7ad1d46b5d46099f0bcb84753cf34ea557b28ea3a6950fc8f0516c98231df7ca8670

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\mmf2d3d11.dll
    Filesize

    548KB

    MD5

    07163378491db6156398fc8e6582564d

    SHA1

    6c702d8501431d38e8d392093795444a3900b004

    SHA256

    2aeca2207c6dabb6fc70f164f3d6188ed76f7786344654592ecef1752528ed13

    SHA512

    296a0d861450a9c1e6724a6c03be38940dcad202a0a10002eae744d2c532a087e7c37c6088a3281fcd83ac197a0af4105a3c3157ee2527106d586be5993248b3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\mmf2d3d9.dll
    Filesize

    1.1MB

    MD5

    72bb9180f8905c0da95566b778cdac5e

    SHA1

    e96145e8120514092b35f67f1f120b958997f921

    SHA256

    3cde7a9181ab63a42cd3535d279d0ab1397b7b78fa3ddddef832757ab2024101

    SHA512

    c2c8d8c74c53a78545e69f27a7fe1a6d1291888158962e93e16e6ec9950f86e74c68bd2eb50d04db0bff58e8dc93455aa384245991c5afe34abee36fef53710f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\mmfs2.dll
    Filesize

    510KB

    MD5

    1e0e5acec2f2d3567c40491e39aa8f50

    SHA1

    101ec3bbd32c005b12b38c0f7988faa9329a019f

    SHA256

    6c9ff6036404e71b0bc2c12bc739eeef0d9200925f5796487af2aa4ef5c5ef97

    SHA512

    80bbdd2dcc44494a53b14098b7e99db7c20b40650938454105b423e70906ad7371274ed73d3fccd114b9396112a695aebf37f6916976a972154cd562d10e01de

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\oggflt.sft
    Filesize

    130KB

    MD5

    0c8c1ee3ba92189f4ce21d1b396a2765

    SHA1

    b7daa4a6e16416151dccbb0a89f304961b6cb627

    SHA256

    9e589f86317d840df9bb74f6ee20c24ca65afe58f4009740382f63a0f5531941

    SHA512

    0a4339092ac55bac3b1bdfaaa3401020f8f49918bd2fdb14524f3d558eb840b876aedfdeb54a1da163fa36393abf3fe8ab7e112a34ea9d891e82a22e96c85ddc

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15555075-8415-4d81-9dfb-110565ac2038.FusionApp\waveFlt.sft
    Filesize

    8KB

    MD5

    57ea61dd14314ef155e80c6a0be8a664

    SHA1

    963b0ef2fe976ff77044a821fe1e29be4a8cf8a7

    SHA256

    92a5053cf5973a6aa228c738d55387f12f1dfa8a837d7b938c60f05b6b56b3ad

    SHA512

    cc23cb30d76d22500c3ed7ce9ee0388588309d0779441b95559fce25a42f1eff52ca285c347655f8b33c15b75f9d2067738a151f81f605d3b563799a3a06c9a9

    Download Submit

  • memory/2424-37-0x00000000005A0000-0x00000000005C2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2424-50-0x0000000000BC0000-0x0000000000BE4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2424-26-0x00000000003B0000-0x00000000003F9000-memory.dmp

    Filesize

    292KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.