Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

Greenshot-...SE.exe

windows7-x64

4

Greenshot-...SE.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    16/07/2024, 07:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Greenshot-INSTALLER-1.2.10.6-RELEASE.exe

  • Size

    1.7MB

  • MD5

    c16f86882d5a102ed7a0fbbc0874d102

  • SHA1

    4e3ac7a53f0f368b9218bf717162d5e073a0f7df

  • SHA256

    1687311b4e7a3720be20490e8ed6cc772a32336a7bed8896e475b8ec616c6b81

  • SHA512

    90b7aac54467b266a9dd9ce7c83a156d3d99f7aeb1ad0e3e2ef5516b38270112dae07892e3e80765c3508484e3ee66e7439db0512a63b48f64e6b15e83285f67

  • SSDEEP

    49152:Cjt17kLz5P3mucJZCliSAbFXHrZy0HCxgdjmyZ3xog:AjkLlP2bClDC9Fjd

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe
    "C:\Users\Admin\AppData\Local\Temp\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1760
    • C:\Users\Admin\AppData\Local\Temp\is-F81H1.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-F81H1.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp" /SL5="$400F4,1293027,131584,C:\Users\Admin\AppData\Local\Temp\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\is-652V3.tmp\isxdl.dll
    Filesize

    121KB

    MD5

    48ad1a1c893ce7bf456277a0a085ed01

    SHA1

    803997ef17eedf50969115c529a2bf8de585dc91

    SHA256

    b0cc4697b2fd1b4163fddca2050fc62a9e7d221864f1bd11e739144c90b685b3

    SHA512

    7c9e7fe9f00c62cccb5921cb55ba0dd96a0077ad52962473c1e79cda1fd9aa101129637043955703121443e1f8b6b2860cd4dfdb71052b20a322e05deed101a4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-F81H1.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
    Filesize

    1.1MB

    MD5

    d1a078992e232919ea834226aea627a8

    SHA1

    53f5af8c06721ef5b62f56037e3b57dc4b517eaf

    SHA256

    655da9c7f64ef8f0f48160c76b8dc5443aaba63e8c6b3534a266e9cd5a18489f

    SHA512

    e056370322e58725961c024d1f322d31066bffd8b8d77f80fc14d2b5861788ef00e5ebc3fa6f51a6b0a94bdb02e8fffea48926716275754dd77bbe0fb8e221f8

    Download Submit

  • memory/1760-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1760-2-0x0000000000401000-0x0000000000412000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1760-14-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2308-8-0x0000000000400000-0x000000000052F000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2308-15-0x0000000000400000-0x000000000052F000-memory.dmp

    Filesize

    1.2MB

    Download