Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Setup Omni...3d.exe

windows7-x64

7

Setup Omni...3d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/03/2024, 16:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup Omnisphere v2.8.3d.exe

  • Size

    87.7MB

  • MD5

    a973e6da9ccc3649a81879fdd199c482

  • SHA1

    e4393a5beee6f5ae53676a66c91a527eeaa5f525

  • SHA256

    46c00cfc4d02286853bad0924b95f71714f9428d3453d6769d684d9b22bb2f43

  • SHA512

    8f13216378b55003f3e90eb06057352bff0f4a0872f752729acb40731e1b071101c565a0b8ece805a5c0ec55315be2a7059c081dcbc7cb47266c1ea3ee7c901d

  • SSDEEP

    1572864:eHgSQgnz4BZT+pHiYKVkVqUjRnOJTkIGmAAmPYOJRXjry4xmIid3TYT5wlbjYGQ+:eHgSLYTIBOq9JAmv/jG4xVTKl3YO7Lv

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 5 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 58 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup Omnisphere v2.8.3d.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup Omnisphere v2.8.3d.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Users\Admin\AppData\Local\Temp\is-SOS11.tmp\Setup Omnisphere v2.8.3d.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-SOS11.tmp\Setup Omnisphere v2.8.3d.tmp" /SL5="$10006E,91503611,121344,C:\Users\Admin\AppData\Local\Temp\Setup Omnisphere v2.8.3d.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:4692
  • C:\Program Files\Spectrasonics\Omnisphere\Omnisphere.exe
    "C:\Program Files\Spectrasonics\Omnisphere\Omnisphere.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:228
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x494 0x514
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:5008

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Spectrasonics\Omnisphere\Omnisphere.exe
    Filesize

    4.3MB

    MD5

    d28e1476591f73d3ea299a860083916e

    SHA1

    920752d84f94faac5f81ef6803e8898db98d89a6

    SHA256

    434d4eb226122a9d3548371290c73bff4b075afb75bdf07d9e334f6745b560e4

    SHA512

    e053ca8a0fa2eff9ecb98f80527774530959c30d15e3ddfc6a07b3e06e689e44cb122e14bbc3212680b848c786282e8e9c0d320b6a7955ec08d1353aed5adffd

    Download Submit

  • C:\ProgramData\Spectrasonics\plug-ins\64bit\Omnisphere.dll
    Filesize

    46.4MB

    MD5

    2db60d45d805d0b73ca0b3f407280a69

    SHA1

    e82df0174786f0dfd30147c7df86178f691b05e2

    SHA256

    8c9076d12b51452dd7e124b07ef3346f8aa68689154af5bed9a80f2675a0c6c7

    SHA512

    14185a2aa8a8023f33758b60073333f957d4b6beba10ff68bc9892999044455a8fdbdf1594d9807dbf266d9cdbcd3033c787f6501e83492f59c1e230a34696fd

    Download Submit

  • C:\ProgramData\Spectrasonics\plug-ins\64bit\Omnisphere.dll
    Filesize

    62.5MB

    MD5

    531ba66946e699fafbda72b38a2af728

    SHA1

    93fd6eaf5cba0b9aab941b05d22fcdb487cc8692

    SHA256

    d201567d1998e35166a35d372ddff60831d6503705e71d617dc30ad870cc8e0c

    SHA512

    a0ab3faec8de18b148146c668a73694d022dc58186e8d3141efac323dcb0e8e829ba22bb14425ea79b601ab5284789f93db67ad8081311dbb84fab4a6bfaee0a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-QKM4C.tmp\ISSKINU.DLL
    Filesize

    357KB

    MD5

    f30afccd6fafc1cad4567ada824c9358

    SHA1

    60a65b72f208563f90fba0da6af013a36707caa9

    SHA256

    e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d

    SHA512

    59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-QKM4C.tmp\R2RINNO.dll
    Filesize

    4KB

    MD5

    59a1566097f670d5d036db472016ebcf

    SHA1

    52566f8f3ed696791263e377073e14fdc5b77e33

    SHA256

    5bffc47f810272b687fc89d48ece1c1a2fb794d18c80d804ee7491e309b9bc6b

    SHA512

    4bb3a22e991c3629ba73e606d175c984988150c120abe1ec92d4447c6f0c1c9bbd79313ac31d10e2301f914041b0cef70df2f984beee8c2c1ec2bc9925659e0b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-QKM4C.tmp\SKIN.CJSTYLES
    Filesize

    573KB

    MD5

    28a286d3718a1987b17d38694b4f4d1a

    SHA1

    04a686920728a80a8035ac9813c4868de734eb9c

    SHA256

    931f11a49d0395d434988a511923b71e0149b18e70bbd021e219e5e1cfde6e9d

    SHA512

    3d98e9307bc5aa3e85c220dfc81275e89f4487e35f005356a2aa006e0408ed181ffa30f5281731cc4b2aaa7bf2823ad2c14e0ac3f781022b0296f820d24d3ee7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-QKM4C.tmp\SKIN.CJSTYLES
    Filesize

    719KB

    MD5

    628840d116565bb2a5dd9cef0a6eef10

    SHA1

    5d6b94ffa1bf32448bf035cefa18100aa53b7789

    SHA256

    975e5bd9d37a3c68d4a4b5e3002f41e6ae327be4acc25f88b1e3fcf92a35721a

    SHA512

    757e5cbc4070273f4f47055b98eba2624aed770ddf1ac361fffb827aeff297e2f5e35e11cdeb3ecc09408498d15f7e2f9e190357677348226969d41754bdb534

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-SOS11.tmp\Setup Omnisphere v2.8.3d.tmp
    Filesize

    1.1MB

    MD5

    34acc2bdb45a9c436181426828c4cb49

    SHA1

    5adaa1ac822e6128b8d4b59a54d19901880452ae

    SHA256

    9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

    SHA512

    134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Omnisphere\Omnisphere.settings
    Filesize

    330B

    MD5

    7e6f641dc16d76bb5248e32332d79782

    SHA1

    4154d97194b7fda6079afe87f16f7361ec8f99e7

    SHA256

    6f73964c1ed4ad5a2018a9927b86de967aaae7167f591a1e54fa71f3d0f47d4f

    SHA512

    e7a75cfbf5181a4f3e16ae1f1917e36ca244b924cb3c5dd8ab6f94601233b33af5d0a05cb124651899734e53e7f99df7713ae095d069985fbe04c3cf1be90ed7

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Omnisphere\Omnisphere.settings~RFe582cd7.TMP
    Filesize

    176B

    MD5

    6bdadd80da3f7d625e97f807edeffc31

    SHA1

    01fef5515e74e627cac2c7cd0d1d9c575786c5de

    SHA256

    fc3d2a43a9bcbb7e6a781badd4c30adeba469f8f642105d0e207a66ee664aeaf

    SHA512

    4e5efcab111928b1a3d7f255833f51a1b8dfb0c5deb7fc5b05ef8824c04460444adaa2f1e3efd3ca51b0679bff6329860e0524fd66aaecb4f3a542e0b4ca7492

    Download Submit

  • memory/1732-2-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1732-0-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1732-329-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1732-160-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4692-54-0x0000000075610000-0x0000000075684000-memory.dmp

    Filesize

    464KB

    Download

  • memory/4692-72-0x0000000076190000-0x0000000076743000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4692-27-0x0000000076A60000-0x0000000076A85000-memory.dmp

    Filesize

    148KB

    Download

  • memory/4692-26-0x0000000076A90000-0x0000000076B0A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/4692-29-0x0000000076A90000-0x0000000076B0A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/4692-30-0x0000000076A60000-0x0000000076A85000-memory.dmp

    Filesize

    148KB

    Download

  • memory/4692-33-0x0000000010000000-0x0000000010061000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4692-32-0x0000000010000000-0x0000000010061000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4692-34-0x0000000076A60000-0x0000000076A85000-memory.dmp

    Filesize

    148KB

    Download

  • memory/4692-36-0x0000000010000000-0x0000000010061000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4692-35-0x0000000010000000-0x0000000010061000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4692-31-0x0000000074990000-0x00000000749C0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/4692-37-0x0000000076960000-0x0000000076A43000-memory.dmp

    Filesize

    908KB

    Download

  • memory/4692-38-0x0000000076190000-0x0000000076743000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4692-41-0x00000000747C0000-0x00000000748E2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4692-44-0x0000000076960000-0x0000000076A43000-memory.dmp

    Filesize

    908KB

    Download

  • memory/4692-48-0x0000000075610000-0x0000000075684000-memory.dmp

    Filesize

    464KB

    Download

  • memory/4692-51-0x0000000076190000-0x0000000076743000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4692-53-0x0000000075690000-0x00000000758A0000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4692-57-0x0000000076190000-0x0000000076743000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4692-56-0x0000000010000000-0x0000000010061000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4692-55-0x00000000747C0000-0x00000000748E2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4692-58-0x00000000775A0000-0x000000007764F000-memory.dmp

    Filesize

    700KB

    Download

  • memory/4692-59-0x0000000075690000-0x00000000758A0000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4692-25-0x0000000010000000-0x0000000010061000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4692-60-0x0000000076A60000-0x0000000076A85000-memory.dmp

    Filesize

    148KB

    Download

  • memory/4692-62-0x00000000747C0000-0x00000000748E2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4692-52-0x00000000775A0000-0x000000007764F000-memory.dmp

    Filesize

    700KB

    Download

  • memory/4692-64-0x0000000076190000-0x0000000076743000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4692-67-0x0000000075610000-0x0000000075684000-memory.dmp

    Filesize

    464KB

    Download

  • memory/4692-69-0x0000000010000000-0x0000000010061000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4692-28-0x0000000010000000-0x0000000010061000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4692-73-0x00000000775A0000-0x000000007764F000-memory.dmp

    Filesize

    700KB

    Download

  • memory/4692-71-0x0000000076960000-0x0000000076A43000-memory.dmp

    Filesize

    908KB

    Download

  • memory/4692-70-0x0000000075CD0000-0x0000000075DAC000-memory.dmp

    Filesize

    880KB

    Download

  • memory/4692-68-0x00000000747C0000-0x00000000748E2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4692-66-0x0000000075690000-0x00000000758A0000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4692-65-0x00000000775A0000-0x000000007764F000-memory.dmp

    Filesize

    700KB

    Download

  • memory/4692-78-0x0000000076190000-0x0000000076743000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4692-80-0x0000000010000000-0x0000000010061000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4692-79-0x0000000075690000-0x00000000758A0000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4692-77-0x0000000010000000-0x0000000010061000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4692-76-0x00000000747C0000-0x00000000748E2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4692-75-0x0000000075610000-0x0000000075684000-memory.dmp

    Filesize

    464KB

    Download

  • memory/4692-74-0x0000000075690000-0x00000000758A0000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4692-63-0x0000000010000000-0x0000000010061000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4692-61-0x0000000075610000-0x0000000075684000-memory.dmp

    Filesize

    464KB

    Download

  • memory/4692-50-0x0000000010000000-0x0000000010061000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4692-49-0x00000000747C0000-0x00000000748E2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4692-47-0x0000000075690000-0x00000000758A0000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4692-46-0x00000000775A0000-0x000000007764F000-memory.dmp

    Filesize

    700KB

    Download

  • memory/4692-45-0x0000000076190000-0x0000000076743000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4692-43-0x0000000075CD0000-0x0000000075DAC000-memory.dmp

    Filesize

    880KB

    Download

  • memory/4692-42-0x0000000010000000-0x0000000010061000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4692-40-0x0000000075690000-0x00000000758A0000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4692-39-0x00000000775A0000-0x000000007764F000-memory.dmp

    Filesize

    700KB

    Download

  • memory/4692-24-0x0000000076A90000-0x0000000076B0A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/4692-161-0x0000000002430000-0x0000000002431000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4692-21-0x0000000010000000-0x0000000010061000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4692-22-0x0000000076A90000-0x0000000076B0A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/4692-23-0x0000000010000000-0x0000000010061000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4692-20-0x0000000076A90000-0x0000000076B0A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/4692-14-0x0000000010000000-0x0000000010061000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4692-6-0x0000000002430000-0x0000000002431000-memory.dmp

    Filesize

    4KB

    Download