Analysis

  • max time kernel
    106s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/01/2023, 03:45 UTC

General

  • Target

    Apache_OpenOffice_4.1.13_Win_x86_install_es.exe

  • Size

    125.6MB

  • MD5

    c9951f2d5caac8256213b82c2cb6ae6f

  • SHA1

    d76a5e24896606875ef89d12d4e3d90b3b6361e0

  • SHA256

    813d81ed71be50496fcf3fa21409bab06ad586950f5ac47530045bed5f94883d

  • SHA512

    f28bca5b9830432ba563a6a6ed46cdfe0eb284198ae007f969367d586758f50f2439c366939be5dabd863d35d4bc8d75bbedd25cbc6e3cbce47f87317d46a9de

  • SSDEEP

    3145728:c8BRTVKFlYz8BFu4XhGr9gLoLgsoY/F97FpdIoIRCmGL3Fmqm:fBx6P5ohgLe/F9h3ERCl3st

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Apache_OpenOffice_4.1.13_Win_x86_install_es.exe
    "C:\Users\Admin\AppData\Local\Temp\Apache_OpenOffice_4.1.13_Win_x86_install_es.exe"
    1
    • Loads dropped DLL
    PID:4780

Network

    No results found
  • 67.27.154.126:80
    322 B
    7
  • 67.27.154.126:80
    322 B
    7
  • 20.189.173.15:443
    322 B
    7
  • 67.27.154.126:80
    322 B
    7
  • 67.27.154.126:80
    322 B
    7
  • 67.27.154.126:80
    322 B
    7
No results found

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsbFEC8.tmp\InstallOptions.dll

    Filesize

    15KB

    MD5

    ece25721125d55aa26cdfe019c871476

    SHA1

    b87685ae482553823bf95e73e790de48dc0c11ba

    SHA256

    c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf

    SHA512

    4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480
