Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
90s -
max time network
96s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
02/08/2024, 18:18
General
-
Target
oculus-go-adb-driver-2.0/usb_driver/i386/winusbcoinstaller2.dll
-
Size
831KB
-
MD5
8e7b9f81e8823fee2d82f7de3a44300b
-
SHA1
1633b3715014c90d1c552cd757ef5de33c161dee
-
SHA256
ebe3b7708dd974ee87efed3113028d266af87ca8dbae77c47c6f7612824d3d6c
-
SHA512
9ae37b2747589a0eb312473d895ef87404f4a395a27e15855826a75b4711ea934ca9a2b289df0abe0a8825dec2d5654a0b1603cf0b039fe25662359b730ce1a9
-
SSDEEP
12288:cZq3DFVAZjj5h7OqGDqY66s32+0SLqfhA50yWI7yBoM1oGloLwtxJYnPXrmQlT:cZwoP7MYG+pX501zBoC+wtxuPXrmQlT
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\oculus-go-adb-driver-2.0\usb_driver\i386\winusbcoinstaller2.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\oculus-go-adb-driver-2.0\usb_driver\i386\winusbcoinstaller2.dll,#12⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 4963⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3100 -ip 31001⤵