Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

mssqlclient.exe

windows7-x64

7

mssqlclient.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    23/02/2024, 22:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mssqlclient.exe

  • Size

    7.2MB

  • MD5

    8c4d4ce0da7b7c9ca7b06a1782861c8b

  • SHA1

    d7982a171377f64335abd29841b94e7d425149ab

  • SHA256

    904a001ad82f09cd0cb1e1945b29f9120beb603f7d116bd27a18e6a74db6b53a

  • SHA512

    d4ae14808bd0d982d6318ca24285dcf71bdb7ff75075be791a8458e7b133f6a409c1b0e461490632017764d1713d47068fe74e09b2103162652495c0f3f6c5de

  • SSDEEP

    196608:C97lX+aFF9MMDJZkyVulPKQ8hY/DksMWsD/4c1+:C97lrFF9MMDJuyV/HYgCsDgc1

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 13 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\mssqlclient.exe
    "C:\Users\Admin\AppData\Local\Temp\mssqlclient.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Users\Admin\AppData\Local\Temp\mssqlclient.exe
      "C:\Users\Admin\AppData\Local\Temp\mssqlclient.exe"
      2⤵
      • Loads dropped DLL
      PID:3008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI17362\mssqlclient.exe.manifest
    Filesize

    1015B

    MD5

    767c006582a31dff525de9b3cae1127c

    SHA1

    8941118ebfdc9a1ca466e3cb57aff916452ba59f

    SHA256

    28b371a7905eedb2b3e6526cf6fa493813458946f2c2cf45f39b15870f9f306c

    SHA512

    374b3c1f79cb41b018437064fd3c2c7714969e64ffbb915d17cb08e0c36d8831d4878cc67caeaeeec828855529ec08f3f1e5a9ac1b03ee65aee276cf4f83b78f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI17362\python27.dll
    Filesize

    2.5MB

    MD5

    f62614576d12991599a562377e870761

    SHA1

    fd8ddbf35520651fec9bc6b2f6fb7ec55c1517cb

    SHA256

    6683344b81bd821cf2d18a6eaf221b21cdb46df6a1f9fafac5171d022e5a4bbc

    SHA512

    faf67de33bfbe1369c4639d90a7bf2dc64dc507dee27acb7f4de364c3aa2d2e1e938254557e77de7c96e462e2cafaec3fefe607bb5ba4de7bd50132cf4276655

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI17~1\Crypto.Cipher._ARC4.pyd
    Filesize

    8KB

    MD5

    35cf493fa03a4b8a79666c23fea1da38

    SHA1

    9fb5ee963472f1d1754b6ac568574ebbc3ace8ab

    SHA256

    cda807a9cb5515f37b030f6ef4153b1e58b946a710af498173a756516d77a1d8

    SHA512

    8be08d249b18c244e789d4a3de21c4ddb1ee8e62aa75c84d0ea33afc746ec9cb7540d77c3966ca8e465ce3bec498f62c41d8034110721c764a6605dc0256febb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI17~1\_ssl.pyd
    Filesize

    1.3MB

    MD5

    10550e3dde0b163c97f489d8f89dba4d

    SHA1

    e29b6e3367e9d08a13946862d0398c31a0502a14

    SHA256

    ae573e679fc5df0a4178d710766d5e712354faa4a71541818316e832becb767f

    SHA512

    5ca65655981b7faef3c1d1c49ddaa84610ccee7214111d0ac2c2e8ed8aa36d594f00f3d3e7c399bc258b51210a6c9c7de32b291f917deb9c580b510081c7e93a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI17~1\cryptography.hazmat.bindings._openssl.pyd
    Filesize

    1.1MB

    MD5

    6263b6560f07b988b85adeb86772e2a5

    SHA1

    5ca97ba7e8a101a68d3156cd71ad5572ca7febd0

    SHA256

    86daf5aaaba5e4ab53fd5f9a624f733aebe73139905d5826dd400169e41ff37c

    SHA512

    5e1b1e5aadfd4eee754a9c6ac82d1fc2adbfa1d4da9b017846fc87fe08d3c4068e3ad413f104e95af56850ad5a3f986bbc025857af7a6f80c1cfb180f810a481

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI17~1\select.pyd
    Filesize

    10KB

    MD5

    efb6435cb9fb6462132181738c729885

    SHA1

    0931e3aa2682fdf676b9b6009e8ca8f92f014e7e

    SHA256

    039981e17c2eb88cb2d08e50f2d323027e27683a7b3b3bc042e76fba40d34ab2

    SHA512

    6d7ad34390579e98cba75dfdbd3ace5af26ddf7f62675e33a29322911e94d1382ea84c8483265644866384ead64ffa55a1a0dd7c6d0787524fa972735f44f015

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI17362\python27.dll
    Filesize

    2.3MB

    MD5

    874906e3d38c82f35e69b6b37bb7b97e

    SHA1

    7b4c1104321ff000482215841c98939ef822713f

    SHA256

    1b28e3e3ddf371bdc0f674ea29c9225d57d99e4343fdf4b214289c8150757e27

    SHA512

    8d36abae8deb7026acd35a9892f4ed857314fc29a66f3accf67ff58439d262f112d9daa356019524dc4709eedd330ef07a853c8cd983c13fbc0ee0700936011a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI17~1\Crypto.Cipher._DES.pyd
    Filesize

    53KB

    MD5

    4142eb42a87310d01ed50ec82f4dffc1

    SHA1

    d62775001498e4298b03ef496baa8fc1b3d0fe1e

    SHA256

    a2bd61a869173321d34f835d409d3a5a251797bf63f531d25396778bb39454cd

    SHA512

    6c581f995e09d300727bab47a93142fd9ea0318d9662b316c7f486f22626155319ca7155bafdd987621a6ad1cdf5d5531eac6fb8409c4e7a039729e9935145fb

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI17~1\Crypto.Hash._MD4.pyd
    Filesize

    10KB

    MD5

    1c303a89853532c1cdfa59cd543bbf2c

    SHA1

    e77a8c85d526dfac464fe2fd1d65c3b291ee09ea

    SHA256

    5a95d92de1e906b8e12725c0628080313e271ec6b7f29e8d14951abccfe8112c

    SHA512

    8adcf9eafea044113d2aeb11a9835c7dbb60f1dda55fe7f20411f85962cbdb1d4a2d6e35e54a0168d1c358419997f4c6dbbd769e9d144bd5776265969c01e213

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI17~1\_cffi_backend.pyd
    Filesize

    124KB

    MD5

    2409e1eb60aa992a684d92edf3850869

    SHA1

    03085afeeceb5013d6c9b583bd694de46d8b5276

    SHA256

    d14b245fe80e163c24fbfe517ea30f6630d15a10c0271bc21b1efd58911072cb

    SHA512

    dce1f7d5b7d8ccdad3540f0526c887865d5c81ad971a72b3dc0ad12da1ca7a45e98658c0b9a96ff88d512f59dd3a82d93ca9928523561cd16f575bf94c6f9186

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI17~1\_ctypes.pyd
    Filesize

    89KB

    MD5

    9e6c48ec9508423d0ce6b6e4d4a10d90

    SHA1

    82548d0cfcd99bc11ecee670dc0c1c9538aa6ade

    SHA256

    b700441351b3a24a1ec392376984d3d95a541ea548c77f0df55d7af579ea9c1a

    SHA512

    37fc511610e5ab06a78f276bf0f4b7335a37d40fdf0158f674ecf1b029fe3298e0667230d3f8840258b8e5413108e1e6aeaaff090b3cca6eef007ca5a1f8d926

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI17~1\_hashlib.pyd
    Filesize

    993KB

    MD5

    b1dbd52e5da083e5b5613a2b4c17a4ef

    SHA1

    0ed87f9e0b572f88e102739daab54db03fade416

    SHA256

    fa57bf3173f2d636984305401c06f1618b8119fea2c311d1173566ea236fa0c6

    SHA512

    dbe14802ff53e8fb9f35baa1c1bd0dc55c1073e0f96b59b5cc3783760e23c645cd453a39b2b4d0ab79ee871ba1cb81154a4cf5c54b67dde7ea14008d72dd2cae

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI17~1\_socket.pyd
    Filesize

    45KB

    MD5

    600de8a82e2204e88df27714687f88b9

    SHA1

    dac20e0bf5482a6f09648648bc4d38562473c89e

    SHA256

    a24422d519e5a9283a0887d4be09be2ac89797886d8f45151cab5e9fef8db1e1

    SHA512

    3d82eb600bd358a019dcde1f4a337d87f29c9a22937989dddfe697c433f58ba9e4a836752998a542e7df179adafa8c89c99aa18b51b100f7a57aa5b47a456460

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI17~1\_ssl.pyd
    Filesize

    1.3MB

    MD5

    9b59be1fa8427368c4e0e763f578d74c

    SHA1

    7287fe431a0a67aa41e9952906759746ddcffad1

    SHA256

    4ba198e7f53a37b3a825ff2ce4d3e6ca00ad96e62852f0127a46c57a9a4a3026

    SHA512

    6905c5f80ff723ff79863332dd8d20d4cbbe224d355ba9b824a6f29ead62ebec16fa96ec664bdb56a2688847881a53c34459311c156f35aa887b2a808a6e9032

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI17~1\cryptography.hazmat.bindings._constant_time.pyd
    Filesize

    7KB

    MD5

    87f7f14305e898dc7bc5ec6ce33e9e98

    SHA1

    09345490a299ad65f0b3abaa8c857852456ed8bd

    SHA256

    92ea01d3133c807a3c13f924e2423f47e2237c20453da741ffb8d28eb0eccc08

    SHA512

    770348233eb3c5fb38a2ce2a80c156b175517c29e6d7a34a73b4b0296fa210322447cff3d6b68c486d0024f4b0da269ac70ed27e2a7f7626e3811c9e5f3ed118

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI17~1\cryptography.hazmat.bindings._openssl.pyd
    Filesize

    1.9MB

    MD5

    92af8af2a51542da21f44c238d9e4a28

    SHA1

    40047df4d1e80c739667c9306c64b6e4de618ccd

    SHA256

    ff263fad31f755132aa2a8da72c845d9d44061548acca7d399e3c3b6df7b5b74

    SHA512

    905e3b30dec257e9d244624658557166b01f74740e930745c853e9e52437f9ea6be2553007645220a56dadde0a0147d650bf2df6ed61f21585a61b8cf97933f6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI17~1\unicodedata.pyd
    Filesize

    671KB

    MD5

    a13020f231b588d46aaf82fe9314efdc

    SHA1

    fa43858266fbfa564e98fba78f7e8634659f2dfe

    SHA256

    426d241e6480cecaf55a23ac686311a362548377edcfbfc920ac4cfbe3ea479c

    SHA512

    ed759afde4cf4960f059162b945c5de0e8270780004309c85093684ebfba93cfbb6e642e9db667ed852e8ceaa8c7c4386ff303db08713af4b31a4eeee45955f0

    Download Submit

  • memory/3008-52-0x00000000001A0000-0x00000000001B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3008-61-0x00000000002D0000-0x00000000002F3000-memory.dmp

    Filesize

    140KB

    Download