Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

OpenVR2Key.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    10s
  • max time network
    12s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/05/2024, 21:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    OpenVR2Key.exe

  • Size

    2.2MB

  • MD5

    bfff6a7d641166f771254aa07a0f5236

  • SHA1

    49eedc53bcfcf28e6aa3ab1db48b72090a967b2f

  • SHA256

    7b41f19af2c3fb5d8b3c8d8f7c449c99c9dde3a6aa34d72f5bdd45dcea23312c

  • SHA512

    2d2f35e6442fe63eef2e33853b9857e5b8d0cf3e133584ea0846694a7f07df8c15fe3472b861404b0012cef6d69d76e2ca1b8e4afca2af860c38e81a57e42e36

  • SSDEEP

    24576:kP4+R52UbhWRc9ezr22aVOTpMHM39AnwOv9JziToJaNxTeUdKgNt2RXkZrvbuhZz:kdIPvkoTpcANxqcKYZrbG

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\OpenVR2Key.exe
    "C:\Users\Admin\AppData\Local\Temp\OpenVR2Key.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Costura\EA800E35195B30CAB7B8AAD51BBC3D7A\64\openvr_api.dll
    Filesize

    800KB

    MD5

    2d1468cf05205ec6963e508097a98614

    SHA1

    54113f7c591d40c8d2510497617069be7c404882

    SHA256

    71db78e77e577db6d0666c25437695d42ceafb9c7f8da94fbe765525b8e2f5f2

    SHA512

    6f85e91c32a436a380fc5bbceec7a4fc227a9a82d36a4d73d23ec0d92b9a454ea3f1a83627963cd36fa94b9772ab0a63fb2dddfa193a067be5b752107db00759

    Download Submit

  • memory/4128-0-0x00007FFC40BD3000-0x00007FFC40BD5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4128-1-0x00000138A8D10000-0x00000138A8F52000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/4128-5-0x00000138A9350000-0x00000138A935C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/4128-6-0x00000138A9380000-0x00000138A939A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4128-7-0x00007FFC40BD0000-0x00007FFC41691000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4128-8-0x00000138C4EA0000-0x00000138C4F50000-memory.dmp

    Filesize

    704KB

    Download

  • memory/4128-11-0x00000138C72A0000-0x00000138C72A8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4128-12-0x00007FFC40BD0000-0x00007FFC41691000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4128-13-0x00000138C7730000-0x00000138C7768000-memory.dmp

    Filesize

    224KB

    Download

  • memory/4128-14-0x00000138C7700000-0x00000138C770E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4128-15-0x00007FFC40BD0000-0x00007FFC41691000-memory.dmp

    Filesize

    10.8MB

    Download