Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

theoblivionv2.exe

windows7-x64

1

Analysis

  • max time kernel
    139s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    09/01/2024, 15:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    theoblivionv2.exe

  • Size

    89KB

  • MD5

    69458a57c5513d9e2393a7a496143858

  • SHA1

    9dc8f2e524053864c085df0812234fa546933458

  • SHA256

    4d6a6a9f4d04420e39e5729698abc78e38547e674cd3c2c9d28a5b471cdf2ff5

  • SHA512

    b6d5d282ddb7ffa9d6dffd9eeaeabb0c05a271e269dfbaa06197cc1fd6776bf1fab13c56a98bd1b78840af7ce247d4cf14b014708f33c3760469bd3866ab0b13

  • SSDEEP

    768:OYJvmHzMnvDvl7R1E89NdOqP4UDLxGpijbdk8AQOY5BpvVV5RB:EH0vbdPhzF5BpvVV5

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 61 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\theoblivionv2.exe
    "C:\Users\Admin\AppData\Local\Temp\theoblivionv2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c start http://google.com/search?q=malwarebytes%20download
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2540
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://google.com/search?q=malwarebytes%20download
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2824
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SetWindowsHookEx
          PID:2748

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    68b92279fb75c72c24885b9aeba680fd

    SHA1

    23bc9eb095792917528af72a7e3d9e4e15ed9a97

    SHA256

    ad35507bb01ebb06106a9029487bda2891f4338f96b8125b4780b5649c89456d

    SHA512

    6cdeb5ada8407ac110e7dfeea6257958de9b4b7220230db8120ace3e5e37a6b92ce6e6ec8d78220c626c628a4256d8de693c33331d52886638870e88d9e18b7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5628bc04dacf2e20bf3f477ebabf5304

    SHA1

    9280c5c578b01368e0ea5bf0799cabaf94ecdadc

    SHA256

    8a815b1a3292fb8bc435135cf65805d86e3a37ccb3c86ea814bddc66fed67d4e

    SHA512

    65994c1559d90e6b4137980d9db92c923c535783b6044ebcde411f4f4c16f967920c442b04c7db1d1d2a610c9b9de89196553644fe0540247353e157a4031c48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5b15d75cb3aef260cd6d8c908b5e6039

    SHA1

    8e010a06d9f0cdaacceda59c290aa0d786aea211

    SHA256

    ecefb07f000edf1b6769adeef340a6b1965098cfdc4fb87e34084ccc1aaec75c

    SHA512

    7625b5ad31bf6a49fe22ebf6d8ddadfe50ca6bffa4ccfd327597e7bca598021b4cb1e0c4e0b60f25794e6b0e399eed25aa17cd47413b7988e0d2a09d721d8380

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8fa4ea437fa65e734ec83e9a3810ab38

    SHA1

    eeaad42e42198e6c29d38780395e53f69ae61eee

    SHA256

    d3ec8dade6c9bd9a79b1f2250e068f9509ee9160f01a5fb09388611e5f526255

    SHA512

    e9acbb3a63876967ba3811c5b6964a89a638f88c09682ee8f07f283bb7f8fdbb5e1b5a816f60e6308f67c93651ecf320540f2da499a7fbcd8f3bca906e9ebf61

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    392a03988090172ca77b9e02a5595686

    SHA1

    d0a3af432d9699cf00674a6d1c0455881a8b7d01

    SHA256

    935e28a3392d3c6e9b11c80a2fe3522b5c73932215ee761e577a906fdc8bf769

    SHA512

    a3d2e080d570421a440e22fc6208a67fbef80e83da829fc5b8598700b05326df3817d6d69d2d3f8f792ad3ed3208d4eff4af482ef0bdc4f83254bef8e5ccd488

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9ac5a924c0a3a10e4bdcf96bd80e149b

    SHA1

    82e8beda523ee0896b2b22b746cf7c08d8e8557d

    SHA256

    657b8574b455a0772c33e7b49010ffa6d03272cca75aee0970bd4f4d69875a15

    SHA512

    59733d500320cc99133c1aec801331f545a7eaa80346c66cb934ee3b5e531fc46263311f7ce962d6816edd68edc45fc3387c1db87116cbbdafc3921efeb2ee75

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z0DUGVSP\www.google[1].xml
    Filesize

    539B

    MD5

    531c313d7bf233ddfaf65a0c9697bea1

    SHA1

    c2b57668cb60e3c30624cc4cfddbb86bc62f28f6

    SHA256

    4cee0d39f7291113d97d03930ad1535fc24c40d50cff9beb7b146cb60a375a99

    SHA512

    fef892b03d9f356c0e232882162cd5d57f08f6f8eb61203916b044ce9ff181da3a7d66fa0dad38c9f5b27a16155726d0e62ccc4a23823e4559b023073452adae

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z0DUGVSP\www.google[1].xml
    Filesize

    98B

    MD5

    ec750d80d9d377f93dbc17e00ada3ffc

    SHA1

    3d237633bb4b847c4ffc46192643f28f129c67a8

    SHA256

    d2259b0018346ffa21efe6f7a67dc8c90c92a15ed70500c160854fe9afbbd87b

    SHA512

    5ed21602ec3e93444244d27a48ab831df268462b5ccec312a06a2cf4d993fd075e2c0dd48dbba6b7a761de1a7bc97d90e7dca26a4972034ed175fcf637e549be

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\02cy2i9\imagestore.dat
    Filesize

    5KB

    MD5

    378655db04a9ecdbf29a9bfadb359318

    SHA1

    77d6f3aeea73d258589bbe8232beba216f37fbd1

    SHA256

    836730787e3ec49c26015a8d3f27ded131b9ae5d83801c03b63b4d862a45866d

    SHA512

    dc03500f6430b9607c634d235c90b6ae5a3c0b4400dd8066d5b94b7cfc1f3858d59502e3b6540f64647170e6e3b12161912ed25f72b1e5b450ce6e8fd4e78d54

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05ZIV8W0\styles__ltr[1].css
    Filesize

    55KB

    MD5

    eb4bc511f79f7a1573b45f5775b3a99b

    SHA1

    d910fb51ad7316aa54f055079374574698e74b35

    SHA256

    7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

    SHA512

    ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3F2LH07\favicon[1].ico
    Filesize

    5KB

    MD5

    f3418a443e7d841097c714d69ec4bcb8

    SHA1

    49263695f6b0cdd72f45cf1b775e660fdc36c606

    SHA256

    6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

    SHA512

    82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\recaptcha__en[1].js
    Filesize

    502KB

    MD5

    37c6af40dd48a63fcc1be84eaaf44f05

    SHA1

    1d708ace806d9e78a21f2a5f89424372e249f718

    SHA256

    daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24

    SHA512

    a159bf35fc7f6efdbe911b2f24019dca5907db8cf9ba516bf18e3a228009055bcd9b26a3486823d56eacc391a3e0cc4ae917607bd95a3ad2f02676430de03e07

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\oxWLEMHTm-PHlM2WIB4aObzPVh9OT9KDjPiSBgvqk10[1].js
    Filesize

    23KB

    MD5

    3b4f49bd3bc99583bcd4c79da82d7787

    SHA1

    474d35727e1544a4ec3871f5a446036b8597b635

    SHA256

    a3158b10c1d39be3c794cd96201e1a39bccf561f4e4fd2838cf892060bea935d

    SHA512

    41ec47da01ba75580969fe76201399fbee12eaf4dac101c5bb09432492404b08bb77780a41dcea397183da96b68ef096e53c64b0615449dce7676212ef0cd992

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3C75.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4609.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2008-21-0x0000000001040000-0x000000000105A000-memory.dmp

    Filesize

    104KB

    Download