General

  • Target

    OInstall.exe

  • Size

    10.9MB

  • Sample

    230629-bjqjascd9t

  • MD5

    ebc58647462ad9c76395ef451064d115

  • SHA1

    14e470812f13b278b2694a4cec5737a39784e9dd

  • SHA256

    414155bf11893ec64ba0f4ffb7de92885090845a0761cf8f6743462aa5991d5e

  • SHA512

    8a9ef093d151957ae3c4c8e572fcdbd2198398c95ff8186d532853856c12c8f9ae7408c4f24518c5903faa517ea4e1d5779e797c5a4d850073fbee3ab801e8cc

  • SSDEEP

    196608:2ZnMGjZsDEsCaYsGEHy61bgUhufRswPU2/V8Gd83/PALDP0PiaQxhwf+9zYul28S:WnjZhsCOU6ZgfPPPuGdnv0fzfoDYtB

Score
10/10
upx

Malware Config

Extracted

  • Language

    ps1 (Deobfuscated)

  • URLs (exe.dropper)

    http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab

Extracted

  • Language

    ps1 (Deobfuscated)

  • URLs (exe.dropper)

    http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/16.0.16529.20154/i640.cab

Extracted

  • Language

    ps1 (Deobfuscated)

  • URLs (exe.dropper)

    http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/16.0.16529.20154/i641033.cab

Targets

    • Target

      OInstall.exe

    Score
    10/10
    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
