Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

Ocean-mU6C3Q8S3.exe

windows7-x64

8

Ocean-mU6C3Q8S3.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    134s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/06/2024, 17:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Ocean-mU6C3Q8S3.exe

  • Size

    2.3MB

  • MD5

    81875aa2ae85134e6cd48aeac6473c90

  • SHA1

    3b21067dba7b75984390a1933b26590ac0522ff9

  • SHA256

    23a1aa29468648436cd6997e5ac69eaf4d019e940ed4ce550b5601aa79ec22dd

  • SHA512

    a8951a0d62066d00818f1e3549a54d5326b1a48c7840eedaf742c9b921210acc84d1d65f38deb4e7e3e8c4d4b1f08dd04e5d045f6fbaf977121e018bad1dfb02

  • SSDEEP

    24576:B/4Ot9YBz6Rtli/vX3WMPzslptvHt6PL9V7ZEpZpzrXfH/HkSkMZyCV1ED/TGmnt:BAOt9YB+RtDMPggPL95epPffcz7znt

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 10 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 23 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Ocean-mU6C3Q8S3.exe
    "C:\Users\Admin\AppData\Local\Temp\Ocean-mU6C3Q8S3.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4560
    • C:\Users\Admin\AppData\Local\Temp\IeV71TNe5VS\wET6YZG5isnuk.exe
      C:\Users\Admin\AppData\Local\Temp\IeV71TNe5VS\wET6YZG5isnuk.exe U6C3Q8S3
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IeV71TNe5VS\wET6YZG5isnuk.exe
    Filesize

    7.5MB

    MD5

    c8a2f77a31452fdf1a79f2d12beeb038

    SHA1

    bd4e81cad8deb25f8308601690c808354f6329cc

    SHA256

    df285b0f2b00e64f83f42e442250dd0a51ee09bdcaae995c1f1dde461c6d09c8

    SHA512

    0d6b3a879bf46ea06302ed249800a5741d1f9938a90eab2fe326994e7f598f2a06b771e573465215809db8b67f0863c0ca975d28ce16407290dc035f4535c367

    Download Submit

  • memory/2136-4-0x0000000140BC6000-0x0000000140DFC000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2136-6-0x00007FFB619E0000-0x00007FFB619E2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2136-5-0x00007FFB619D0000-0x00007FFB619D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2136-12-0x0000000140000000-0x000000014157A000-memory.dmp

    Filesize

    21.5MB

    Download

  • memory/2136-13-0x0000000140000000-0x000000014157A000-memory.dmp

    Filesize

    21.5MB

    Download

  • memory/2136-14-0x0000000140BC6000-0x0000000140DFC000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2136-15-0x0000000140000000-0x000000014157A000-memory.dmp

    Filesize

    21.5MB

    Download