Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

mssqlclient.exe

windows7-x64

7

mssqlclient.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    114s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/02/2024, 22:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mssqlclient.exe

  • Size

    7.2MB

  • MD5

    8c4d4ce0da7b7c9ca7b06a1782861c8b

  • SHA1

    d7982a171377f64335abd29841b94e7d425149ab

  • SHA256

    904a001ad82f09cd0cb1e1945b29f9120beb603f7d116bd27a18e6a74db6b53a

  • SHA512

    d4ae14808bd0d982d6318ca24285dcf71bdb7ff75075be791a8458e7b133f6a409c1b0e461490632017764d1713d47068fe74e09b2103162652495c0f3f6c5de

  • SSDEEP

    196608:C97lX+aFF9MMDJZkyVulPKQ8hY/DksMWsD/4c1+:C97lrFF9MMDJuyV/HYgCsDgc1

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 16 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\mssqlclient.exe
    "C:\Users\Admin\AppData\Local\Temp\mssqlclient.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4212
    • C:\Users\Admin\AppData\Local\Temp\mssqlclient.exe
      "C:\Users\Admin\AppData\Local\Temp\mssqlclient.exe"
      2⤵
      • Loads dropped DLL
      PID:4008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI42122\Crypto.Cipher._ARC4.pyd
    Filesize

    8KB

    MD5

    35cf493fa03a4b8a79666c23fea1da38

    SHA1

    9fb5ee963472f1d1754b6ac568574ebbc3ace8ab

    SHA256

    cda807a9cb5515f37b030f6ef4153b1e58b946a710af498173a756516d77a1d8

    SHA512

    8be08d249b18c244e789d4a3de21c4ddb1ee8e62aa75c84d0ea33afc746ec9cb7540d77c3966ca8e465ce3bec498f62c41d8034110721c764a6605dc0256febb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI42122\_cffi_backend.pyd
    Filesize

    124KB

    MD5

    2409e1eb60aa992a684d92edf3850869

    SHA1

    03085afeeceb5013d6c9b583bd694de46d8b5276

    SHA256

    d14b245fe80e163c24fbfe517ea30f6630d15a10c0271bc21b1efd58911072cb

    SHA512

    dce1f7d5b7d8ccdad3540f0526c887865d5c81ad971a72b3dc0ad12da1ca7a45e98658c0b9a96ff88d512f59dd3a82d93ca9928523561cd16f575bf94c6f9186

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI42122\_ctypes.pyd
    Filesize

    89KB

    MD5

    9e6c48ec9508423d0ce6b6e4d4a10d90

    SHA1

    82548d0cfcd99bc11ecee670dc0c1c9538aa6ade

    SHA256

    b700441351b3a24a1ec392376984d3d95a541ea548c77f0df55d7af579ea9c1a

    SHA512

    37fc511610e5ab06a78f276bf0f4b7335a37d40fdf0158f674ecf1b029fe3298e0667230d3f8840258b8e5413108e1e6aeaaff090b3cca6eef007ca5a1f8d926

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI42122\_hashlib.pyd
    Filesize

    705KB

    MD5

    bc5a6e68edc0a5c5dd900bede1b7c753

    SHA1

    982e61a9b6ef28e6497184e106d8ee4409dd1f7f

    SHA256

    0f9d0b4c351c99306b064cd6c4d03c75c196676cc292d450788df994ef50f3e4

    SHA512

    084c68f286abc656bdecce48488498859c4252bc17b1e56667d6b806c40144c8d4e143c8154a09aa62a5bc692ec3621de5505e48b1e7bc55dc81031008f251fa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI42122\_socket.pyd
    Filesize

    45KB

    MD5

    600de8a82e2204e88df27714687f88b9

    SHA1

    dac20e0bf5482a6f09648648bc4d38562473c89e

    SHA256

    a24422d519e5a9283a0887d4be09be2ac89797886d8f45151cab5e9fef8db1e1

    SHA512

    3d82eb600bd358a019dcde1f4a337d87f29c9a22937989dddfe697c433f58ba9e4a836752998a542e7df179adafa8c89c99aa18b51b100f7a57aa5b47a456460

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI42122\_ssl.pyd
    Filesize

    855KB

    MD5

    72344b95f352dcdeda1fec9b9789d3ea

    SHA1

    ba3f52ac2d9f41d45f2c059665680100c546a01d

    SHA256

    9f9cdc34dec5f937a5b15811b74d770e3ae7ee644f4ded7c2d0b7d72df48b251

    SHA512

    234fbdc28db2fc8df26b960434ae43c7bcd430533d1f0a5c8b706bfff1d2395e87a45045946da78d6beb8896ab41ff92e3c74953344bed314d1d5887d4b71198

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI42122\cryptography.hazmat.bindings._constant_time.pyd
    Filesize

    7KB

    MD5

    87f7f14305e898dc7bc5ec6ce33e9e98

    SHA1

    09345490a299ad65f0b3abaa8c857852456ed8bd

    SHA256

    92ea01d3133c807a3c13f924e2423f47e2237c20453da741ffb8d28eb0eccc08

    SHA512

    770348233eb3c5fb38a2ce2a80c156b175517c29e6d7a34a73b4b0296fa210322447cff3d6b68c486d0024f4b0da269ac70ed27e2a7f7626e3811c9e5f3ed118

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI42122\cryptography.hazmat.bindings._openssl.pyd
    Filesize

    1016KB

    MD5

    68f38690a9e026c2f729da7dd1dff258

    SHA1

    f8c4b2fd55d018cc1d71f264173aac5fbe5e81ef

    SHA256

    5193bfa8665713e9ae2427d413e588a4d859d90dfbbc8ecfc54d14b3801b189a

    SHA512

    5232079f5f8c91b101f13ee461af29d817573099840887413ba06e7cbb741f4aecf0c1bd06b9604f80340419bbae1ec32c440e51c08b4876f504d72e70ce1c8e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI42122\mssqlclient.exe.manifest
    Filesize

    1015B

    MD5

    767c006582a31dff525de9b3cae1127c

    SHA1

    8941118ebfdc9a1ca466e3cb57aff916452ba59f

    SHA256

    28b371a7905eedb2b3e6526cf6fa493813458946f2c2cf45f39b15870f9f306c

    SHA512

    374b3c1f79cb41b018437064fd3c2c7714969e64ffbb915d17cb08e0c36d8831d4878cc67caeaeeec828855529ec08f3f1e5a9ac1b03ee65aee276cf4f83b78f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI42122\python27.dll
    Filesize

    1.6MB

    MD5

    d1112ee83913b096999b09f34e5b82e6

    SHA1

    9c44e17d0a7fc485cb55c475a30b0a93bc5b7cfd

    SHA256

    9ea3e8a94a10231792f8057de3ff5404354ff58ff614e5eea7e475fabb26b0df

    SHA512

    edea43008c9d71a64fb1dab55c9ba1f35c89f6e58d2b2d19972456a6d68847eb97cc6aa0c0a23ca9df529137705cddf346813f3b0822d5fb39b06f5c2591e72d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI42122\python27.dll
    Filesize

    1.3MB

    MD5

    a771d1f1fbeb0072492c4cae0d188895

    SHA1

    3ddcff8ab4413635bf83a3bdc62abfd7d9338c95

    SHA256

    02b536e274443f2c67e9f10ea3c8bc64801cc90bf168c16987e0c67dca4745c8

    SHA512

    4172df62a6cec30a2f15f12b7ac18ad28aa3eaf24b89ab1fe143326cb45a330473de2cfbdad0e8cf5d4ee1ce63433c885ac7d07cb67696d90909df887a1e3321

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI42122\select.pyd
    Filesize

    10KB

    MD5

    efb6435cb9fb6462132181738c729885

    SHA1

    0931e3aa2682fdf676b9b6009e8ca8f92f014e7e

    SHA256

    039981e17c2eb88cb2d08e50f2d323027e27683a7b3b3bc042e76fba40d34ab2

    SHA512

    6d7ad34390579e98cba75dfdbd3ace5af26ddf7f62675e33a29322911e94d1382ea84c8483265644866384ead64ffa55a1a0dd7c6d0787524fa972735f44f015

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI42122\unicodedata.pyd
    Filesize

    671KB

    MD5

    a13020f231b588d46aaf82fe9314efdc

    SHA1

    fa43858266fbfa564e98fba78f7e8634659f2dfe

    SHA256

    426d241e6480cecaf55a23ac686311a362548377edcfbfc920ac4cfbe3ea479c

    SHA512

    ed759afde4cf4960f059162b945c5de0e8270780004309c85093684ebfba93cfbb6e642e9db667ed852e8ceaa8c7c4386ff303db08713af4b31a4eeee45955f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI42~1\Crypto.Cipher._DES.pyd
    Filesize

    53KB

    MD5

    4142eb42a87310d01ed50ec82f4dffc1

    SHA1

    d62775001498e4298b03ef496baa8fc1b3d0fe1e

    SHA256

    a2bd61a869173321d34f835d409d3a5a251797bf63f531d25396778bb39454cd

    SHA512

    6c581f995e09d300727bab47a93142fd9ea0318d9662b316c7f486f22626155319ca7155bafdd987621a6ad1cdf5d5531eac6fb8409c4e7a039729e9935145fb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI42~1\Crypto.Hash._MD4.pyd
    Filesize

    10KB

    MD5

    1c303a89853532c1cdfa59cd543bbf2c

    SHA1

    e77a8c85d526dfac464fe2fd1d65c3b291ee09ea

    SHA256

    5a95d92de1e906b8e12725c0628080313e271ec6b7f29e8d14951abccfe8112c

    SHA512

    8adcf9eafea044113d2aeb11a9835c7dbb60f1dda55fe7f20411f85962cbdb1d4a2d6e35e54a0168d1c358419997f4c6dbbd769e9d144bd5776265969c01e213

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI42~1\_hashlib.pyd
    Filesize

    701KB

    MD5

    c1d229f90b528b4f746d3dc71c3b0716

    SHA1

    b52f72d12851749f29274a0c8b242deacb20d7d6

    SHA256

    01f02b9563b451acbd136ed50b26fbaa0d5b64e046e22f2bb77387a6e4f29c02

    SHA512

    bdc18362bc52dc8e10680b6f3be5dfc4d175b11b9010bb8fba1ba2833abcc6b6e1631f727278be48680e10549c34e0e4f71da530e2831ae55f60d872468a044b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI42~1\_ssl.pyd
    Filesize

    925KB

    MD5

    1c94f4f26703c9f4f59665948ab48d2d

    SHA1

    667a46b0a1fc88dc16d07160ac4431d31820c14c

    SHA256

    948584f16437d4f07a5895b7e2739d7ea5eea0be337522a87597dc82bca64a19

    SHA512

    e2994d59dc3e315b32f422c5810eaff9eaa5d7476d6fb0be7447ff21115b1d12900aa35cfcfab119c3799e488fd59fa10910f40cad9956d1e17e462a79f94ffe

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI42~1\cryptography.hazmat.bindings._openssl.pyd
    Filesize

    787KB

    MD5

    b4d82913645681c30b4e10e3f288d0cf

    SHA1

    fe2b83ef21a89edced2f6fc7abe75770d2ba3709

    SHA256

    d33ca899999adb1a20013ae5df74968d62e795555f919cd87c9c3b3408f7986e

    SHA512

    28116f7ec74115ca3d98c85c51b657bd8f43e135ae18f04b6a1e1419a84359d94d19b6d18dc2f731f79c4a2cad40ab4d7b1dd159240a4ccfa47a34cb21b39a34

    Download Submit

  • memory/4008-64-0x0000000002F30000-0x0000000002F53000-memory.dmp

    Filesize

    140KB

    Download

  • memory/4008-53-0x0000000001420000-0x0000000001430000-memory.dmp

    Filesize

    64KB

    Download