Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

5d68834643...26.exe

windows7-x64

7

5d68834643...26.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    31s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2023, 07:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5d6883464307b25c817f9a36f97ca626.exe

  • Size

    599KB

  • MD5

    5d6883464307b25c817f9a36f97ca626

  • SHA1

    c16077ddb69d3a570a86c5a41c5538267c17ff0f

  • SHA256

    14d18ccbf2c0f1e5d4c99c3e706e9f1a9a853d3ee720a9b600147448e22b1ecd

  • SHA512

    8d340a86a50443728c536fff4a2076c8d23433007f1f3f1ce658b326cf8381e01a982a65cce2f109cf5a9c0d42727bf960052f1eb2df6dc606f334aeb17837f3

  • SSDEEP

    6144:XKWlw1Dx1TgzK7Yi06sCxVajmzx9S9HNBLlpY4Yi0flysVufBn597NX2F:X7lw1DxhgzaY5MxVaRPKxysgfBnnl2F

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5d6883464307b25c817f9a36f97ca626.exe
    "C:\Users\Admin\AppData\Local\Temp\5d6883464307b25c817f9a36f97ca626.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4520
    • C:\Users\Admin\AppData\Local\Temp\OCS\ocs_v8.exe
      C:\Users\Admin\AppData\Local\Temp\OCS\ocs_v8.exe -install -54474105 -chipde -02ea0a5f44e94a859e8d6c08d7989357 - -ChromeBundle -uwthvnqceunaczeh -655738
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\OCS\ocs_v8.exe
    Filesize

    9KB

    MD5

    7448afd00a627b962b60cf5fa7b906fa

    SHA1

    bbe6d31c3af96f7cd27dd9604bfcca96c4a626e5

    SHA256

    c842e7d740907b6c03262f3a0875725c3a7fe256ca954b61bb666d5d8d0f19a0

    SHA512

    356cdd34847a63b0a1a6ca566287a9cee94152a9edc3c6c2d1c8c4a5db1633deaba80fd112cbb059eb4c6b247dda847aabc7b541c93c18fe18a54465322e84e3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\OCS\ocs_v8.exe
    Filesize

    20KB

    MD5

    3155f2bf9a35ebe15862b45a39ee13a1

    SHA1

    126745d28033bf94d332bd6dd85d90dd91599df7

    SHA256

    bae12fd17abd4068e7fc1af096116e8e0775da1ab79f054983447834203da8e5

    SHA512

    97306570b14a8ef2358e3184a3c52cd39765d9629543b89ba7fab5a99839fe7f7064fbe5f5271c45c329f1b9f18aec36756fcd5c1314fd00e4421eb78598da9b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\OCS\uwthvnqceunaczeh.dat
    Filesize

    83B

    MD5

    0a139d93ddc2a474772392e6f50ef6f5

    SHA1

    a301d3cd82496920f68a585d58862f38a5be67a4

    SHA256

    0246cfdf76a7c9bf986941df9d68a7dfbdbdd559881e3bb24c9683d2a132e7f0

    SHA512

    13187b2a7a6ed25b545fc0a53692502f402f1f643867615be3111e4f9f88ee8e0823462e1b1e123a6507bb75d20a13247eab01e0177aa53d0d8f0c35d46fbace

    Download Submit

  • memory/4868-10-0x00000000013E0000-0x00000000013F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4868-13-0x000000001C7D0000-0x000000001C86C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/4868-12-0x00007FFE2C400000-0x00007FFE2CDA1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4868-14-0x000000001BD20000-0x000000001BD28000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4868-11-0x000000001BC60000-0x000000001BD06000-memory.dmp

    Filesize

    664KB

    Download

  • memory/4868-9-0x000000001C250000-0x000000001C71E000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/4868-8-0x00007FFE2C400000-0x00007FFE2CDA1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4868-16-0x00000000013E0000-0x00000000013F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4868-17-0x00000000013E0000-0x00000000013F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4868-18-0x00000000013E0000-0x00000000013F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4868-19-0x00000000013E0000-0x00000000013F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4868-21-0x00007FFE2C400000-0x00007FFE2CDA1000-memory.dmp

    Filesize

    9.6MB

    Download