Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

caf1bf6339...20.exe

windows7_x64

10

caf1bf6339...20.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    91s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    01/07/2022, 04:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    caf1bf6339d21c8bf3451420e78097bf7c8fa0a6baad42afa9a4f32981864120.exe

  • Size

    293KB

  • MD5

    a0d0319e501904cd74e51782e1ab74f9

  • SHA1

    b8f7c45ecf8aaabccff860356f03ef02b65f12f6

  • SHA256

    caf1bf6339d21c8bf3451420e78097bf7c8fa0a6baad42afa9a4f32981864120

  • SHA512

    3cc308094f4dbacd5f9aabc45d074e0b0af08676a694cb2e2898d1880646b22a0b64bbc0211ebf53fea7e6de34c631df6d5632c834298e432f804f7b8f593f10

Score
10/10
oskiinfostealerspywarestealer

Malware Config

Extracted

Family

oski

C2

ivchenkosvetlana.online

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\caf1bf6339d21c8bf3451420e78097bf7c8fa0a6baad42afa9a4f32981864120.exe
    "C:\Users\Admin\AppData\Local\Temp\caf1bf6339d21c8bf3451420e78097bf7c8fa0a6baad42afa9a4f32981864120.exe"
    1⤵
      PID:484
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 1244
        2⤵
        • Program crash
        PID:4896
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 484 -ip 484
      1⤵
        PID:1392

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/484-130-0x00000000005C8000-0x00000000005E3000-memory.dmp

        Filesize

        108KB

        Download

      • memory/484-131-0x00000000004F0000-0x0000000000520000-memory.dmp

        Filesize

        192KB

        Download

      • memory/484-132-0x0000000000400000-0x000000000047A000-memory.dmp

        Filesize

        488KB

        Download

      • memory/484-133-0x00000000005C8000-0x00000000005E3000-memory.dmp

        Filesize

        108KB

        Download

      • memory/484-134-0x00000000004F0000-0x0000000000520000-memory.dmp

        Filesize

        192KB

        Download

      • memory/484-135-0x0000000000400000-0x000000000047A000-memory.dmp

        Filesize

        488KB

        Download