Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 144s
- max time network: 128s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 18/03/2024, 16:26
Static task
- static1
Behavioral tasks
- behavioral1: sample Setup Omnisphere v2.8.3d.exe, resource win7-20240221-en
- behavioral2: sample Setup Omnisphere v2.8.3d.exe, resource win10v2004-20231215-en
General
- Target: Setup Omnisphere v2.8.3d.exe
- Size: 87.7MB
- MD5: a973e6da9ccc3649a81879fdd199c482
- SHA1: e4393a5beee6f5ae53676a66c91a527eeaa5f525
- SHA256: 46c00cfc4d02286853bad0924b95f71714f9428d3453d6769d684d9b22bb2f43
- SHA512: 8f13216378b55003f3e90eb06057352bff0f4a0872f752729acb40731e1b071101c565a0b8ece805a5c0ec55315be2a7059c081dcbc7cb47266c1ea3ee7c901d
- SSDEEP: 1572864:eHgSQgnz4BZT+pHiYKVkVqUjRnOJTkIGmAAmPYOJRXjry4xmIid3TYT5wlbjYGQ+:eHgSLYTIBOq9JAmv/jG4xVTKl3YO7Lv
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 2016, process Setup Omnisphere v2.8.3d.tmp
- Loads dropped DLL (4 IoCs)
  pid 1176, process Setup Omnisphere v2.8.3d.exe
  pid 2016, process Setup Omnisphere v2.8.3d.tmp
  pid 2016, process Setup Omnisphere v2.8.3d.tmp
  pid 2016, process Setup Omnisphere v2.8.3d.tmp
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid 2016, process Setup Omnisphere v2.8.3d.tmp
- Suspicious use of WriteProcessMemory (7 IoCs)
  description "PID 1176 wrote to memory of 2016", pid 1176, process Setup Omnisphere v2.8.3d.exe, procid_target 28 (the same row is listed 7 times, once per hit)
Processes
- C:\Users\Admin\AppData\Local\Temp\Setup Omnisphere v2.8.3d.exe (PID 1176)
  command line: "C:\Users\Admin\AppData\Local\Temp\Setup Omnisphere v2.8.3d.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\is-BMHOT.tmp\Setup Omnisphere v2.8.3d.tmp (PID 2016, child of PID 1176)
    command line: "C:\Users\Admin\AppData\Local\Temp\is-BMHOT.tmp\Setup Omnisphere v2.8.3d.tmp" /SL5="$70120,91503611,121344,C:\Users\Admin\AppData\Local\Temp\Setup Omnisphere v2.8.3d.exe"
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
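The process tree above is the two-stage launch pattern of an Inno Setup installer: the original executable drops a copy of its embedded setup program into a %TEMP%\is-XXXXX.tmp\ directory and runs it with a /SL5= argument that points back at the original file, and all seven WriteProcessMemory hits are the parent (PID 1176) writing into that child (PID 2016). As an added example (this is not tria.ge's code and not part of the report), the Python below parses the Processes and Signatures entries exactly as they appear on this page, recovers the parent/child relation from the nesting markers, decodes the /SL5 fields, and flags any WriteProcessMemory edge that is not a parent writing into the stage-2 child it spawned. The /SL5 field layout (window handle in hex, two byte offsets, source path) follows Inno Setup's loader; the regular expressions, function names and the constructed input strings are this example's own.

```python
"""Cross-check the process tree of a tria.ge-style report against its
WriteProcessMemory hits and recognise the Inno Setup loader hand-off.

Added example for this report, not tria.ge code.  The input strings are
constructed copies of the Processes and Signatures entries on this page.
"""
import re
from collections import Counter

# Constructed input: each process is printed as image path, then the
# quoted command line, then "<depth>⤵", followed by a "PID:<n>" line.
PROCESS_LINES = [
    r'C:\Users\Admin\AppData\Local\Temp\Setup Omnisphere v2.8.3d.exe'
    r'"C:\Users\Admin\AppData\Local\Temp\Setup Omnisphere v2.8.3d.exe"1⤵',
    'PID:1176',
    r'C:\Users\Admin\AppData\Local\Temp\is-BMHOT.tmp\Setup Omnisphere v2.8.3d.tmp'
    r'"C:\Users\Admin\AppData\Local\Temp\is-BMHOT.tmp\Setup Omnisphere v2.8.3d.tmp"'
    r' /SL5="$70120,91503611,121344,C:\Users\Admin\AppData\Local\Temp\Setup Omnisphere v2.8.3d.exe"2⤵',
    'PID:2016',
]

# Constructed input: the "Suspicious use of WriteProcessMemory" block,
# which repeats the same description/pid/process/procid_target row 7 times.
WPM_SIGNATURE = ' '.join(
    ['PID 1176 wrote to memory of 2016 1176 Setup Omnisphere v2.8.3d.exe 28'] * 7)

PROC_RE = re.compile(r'^(?P<image>[^"]+)(?P<cmd>".*)(?P<depth>\d+)⤵$')
PID_RE = re.compile(r'^PID:(\d+)$')
# Inno Setup's loader argument: /SL5="$HWND,Offset0,Offset1,SourceFile"
# (field names as used by the Inno Setup loader; hwnd is hex, the two
# offsets are byte offsets into SourceFile).
SL5_RE = re.compile(r'/SL5="\$(?P<hwnd>[0-9A-Fa-f]+),(?P<off0>\d+),'
                    r'(?P<off1>\d+),(?P<src>[^"]+)"')
# The stage-2 image lives at <dir>\is-XXXXX.tmp\<name>.tmp
STAGE2_IMAGE_RE = re.compile(r'\\is-[A-Z0-9]{5}\.tmp\\[^\\]+\.tmp$', re.I)
WPM_RE = re.compile(r'PID (\d+) wrote to memory of (\d+)')


def parse_processes(lines):
    """Return [{image, cmdline, depth, pid, ppid}], using the nesting depth
    to attach each process to the most recent process one level up."""
    procs, last_at_depth, pending = [], {}, None
    for line in lines:
        m = PROC_RE.match(line)
        if m:
            pending = {'image': m['image'], 'cmdline': m['cmd'],
                       'depth': int(m['depth'])}
            continue
        m = PID_RE.match(line)
        if m and pending is not None:
            pending['pid'] = int(m.group(1))
            pending['ppid'] = last_at_depth.get(pending['depth'] - 1)
            last_at_depth[pending['depth']] = pending['pid']
            procs.append(pending)
            pending = None
    return procs


def parse_sl5(cmdline):
    """Decode the /SL5 argument, or return None if the command line has none."""
    m = SL5_RE.search(cmdline)
    if not m:
        return None
    return {'hwnd': int(m['hwnd'], 16), 'offset0': int(m['off0']),
            'offset1': int(m['off1']), 'source': m['src']}


def is_inno_stage2(child, parent):
    """True when `child` looks like the Inno Setup second stage spawned by
    `parent`: a .tmp executable under an is-XXXXX.tmp directory whose /SL5
    source path names the parent's own image."""
    sl5 = parse_sl5(child['cmdline'])
    if sl5 is None or parent is None:
        return False
    return (bool(STAGE2_IMAGE_RE.search(child['image']))
            and sl5['source'].lower() == parent['image'].lower()
            and sl5['offset0'] > 0 and sl5['offset1'] > 0)


def writeprocessmemory_edges(signature_text):
    """Count (writer pid, target pid) pairs in the WriteProcessMemory block."""
    return Counter((int(a), int(b)) for a, b in WPM_RE.findall(signature_text))


def unexplained_writes(procs, edges):
    """Keep only the WPM edges that are not a parent writing into the Inno
    Setup stage 2 it spawned; anything left over deserves a closer look."""
    by_pid = {p['pid']: p for p in procs}
    leftover = {}
    for (src, dst), n in edges.items():
        child = by_pid.get(dst)
        if (child is None or child['ppid'] != src
                or not is_inno_stage2(child, by_pid.get(src))):
            leftover[(src, dst)] = n
    return leftover


if __name__ == '__main__':
    procs = parse_processes(PROCESS_LINES)
    for p in procs:
        print(p['pid'], 'parent', p['ppid'], p['image'])
        print('   /SL5:', parse_sl5(p['cmdline']))
    edges = writeprocessmemory_edges(WPM_SIGNATURE)
    print('WriteProcessMemory edges:', dict(edges))
    print('unexplained:', unexplained_writes(procs, edges))
```

Run it as-is to see the decoded /SL5 fields and an empty "unexplained" set for this report; feed it another report's Processes and Signatures lines and any WriteProcessMemory edge that does not fit the installer hand-off (a write into an unrelated or pre-existing process) is returned for manual review.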
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.1MB
  MD5: 34acc2bdb45a9c436181426828c4cb49
  SHA1: 5adaa1ac822e6128b8d4b59a54d19901880452ae
  SHA256: 9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07
  SHA512: 134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb
- Filesize: 357KB
  MD5: f30afccd6fafc1cad4567ada824c9358
  SHA1: 60a65b72f208563f90fba0da6af013a36707caa9
  SHA256: e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d
  SHA512: 59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c
- Filesize: 4KB
  MD5: 59a1566097f670d5d036db472016ebcf
  SHA1: 52566f8f3ed696791263e377073e14fdc5b77e33
  SHA256: 5bffc47f810272b687fc89d48ece1c1a2fb794d18c80d804ee7491e309b9bc6b
  SHA512: 4bb3a22e991c3629ba73e606d175c984988150c120abe1ec92d4447c6f0c1c9bbd79313ac31d10e2301f914041b0cef70df2f984beee8c2c1ec2bc9925659e0b
- Filesize: 813KB
  MD5: 5f87caf3f7cf63dde8e6af53bdf31289
  SHA1: a2c3cc3d9d831acd797155b667db59a32000d7a8
  SHA256: 4731982b02b067d3f5a5a7518279a9265a49fb0f7b3f8dc3d61b82a5359d4940
  SHA512: 4875298d82037ef1fff1ee3c58a9059d8480274326c862729fcc56664ecb49e2692c3838948c66dc8336e4050469d831cbf1fbd79b66565ab673d2a67765109d
- Filesize: 284KB
  MD5: 0827205aa9b381df3aac3fe9208eff4b
  SHA1: 0932f4ed8020f26963a79cb74a9bb165323d4789
  SHA256: 809318cd6aaa27967c38d8093453f374daa53afaf9c22ce5f3717a79700d4f84
  SHA512: b2644db448aa037267a6ebbc49c2cc655446682df4c8b829cbb4170ac588e60ab8fc8ce13f82166f181f0882220f055a7b8dd1ddfd1d6cdd5d6a24e5f878b56d