Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

06601f8b49...a3.exe

windows7-x64

7

06601f8b49...a3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    114s
  • max time network
    108s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/10/2022, 21:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    06601f8b495440afe091df19682c42dcc071d63322a9a47511797e9c671aaea3.exe

  • Size

    2.0MB

  • MD5

    58d05008302fee16c6d6372e1546f896

  • SHA1

    c9a9cbd7b932c7ace308ae737f2660197686bf6c

  • SHA256

    06601f8b495440afe091df19682c42dcc071d63322a9a47511797e9c671aaea3

  • SHA512

    06b483d2184bcd09c0a50d0bb1aed739d23f099136c2526d6b548afc7b1ab3254278db9e57c56d5a5c24a2dad02e902f7a41a462c6eb3a64e9bf3d5fec355927

  • SSDEEP

    49152:2hZU2wOdze5WPMCT18kDvMPLrov28iCr0OAY/c:DO1nPjp8k8/o7FYNWc

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 11 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\06601f8b495440afe091df19682c42dcc071d63322a9a47511797e9c671aaea3.exe
    "C:\Users\Admin\AppData\Local\Temp\06601f8b495440afe091df19682c42dcc071d63322a9a47511797e9c671aaea3.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:3368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\E_N60005\ESpeechEngine.fne
    Filesize

    176KB

    MD5

    e066d8e9ba0d65ec69fbb95fff7d1582

    SHA1

    e3706641abd238ca200820c4fa6ccff9bd319018

    SHA256

    432425546051a8ed635a8a608ef05a67d38a0c83f1c92b0a89cb5738b3b09bc7

    SHA512

    b61389bc6ba6601d314d50ad8c9c551e0976b993fbaca68f19cff667d3da26f49f037c773869806f54874d3f9807fcef3e19b2b8f303718b1f37f51f31d334ea

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E_N60005\ESpeechEngine.fne
    Filesize

    176KB

    MD5

    e066d8e9ba0d65ec69fbb95fff7d1582

    SHA1

    e3706641abd238ca200820c4fa6ccff9bd319018

    SHA256

    432425546051a8ed635a8a608ef05a67d38a0c83f1c92b0a89cb5738b3b09bc7

    SHA512

    b61389bc6ba6601d314d50ad8c9c551e0976b993fbaca68f19cff667d3da26f49f037c773869806f54874d3f9807fcef3e19b2b8f303718b1f37f51f31d334ea

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E_N60005\PCOMM.DLL
    Filesize

    80KB

    MD5

    bedfff9a8296392992a458d03ba69e08

    SHA1

    38cbacf18c42c624e0c76d2120d7b436e89ef2fc

    SHA256

    27d39a3e0a1f98b3755a1866756afe36f3ea92ef83fc2b1b08cecb0f1b5e1df3

    SHA512

    c3173729c13cb2b5e64eaaafff01c32cc2fe298c46b3ff82324f89b690be1cb8c4a0f40dfa4035e3d5cd8f43994cc537a34d48e5cbfb9e397b67b98c17654eb0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E_N60005\PCOMM.DLL
    Filesize

    80KB

    MD5

    bedfff9a8296392992a458d03ba69e08

    SHA1

    38cbacf18c42c624e0c76d2120d7b436e89ef2fc

    SHA256

    27d39a3e0a1f98b3755a1866756afe36f3ea92ef83fc2b1b08cecb0f1b5e1df3

    SHA512

    c3173729c13cb2b5e64eaaafff01c32cc2fe298c46b3ff82324f89b690be1cb8c4a0f40dfa4035e3d5cd8f43994cc537a34d48e5cbfb9e397b67b98c17654eb0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E_N60005\iext.fnr
    Filesize

    204KB

    MD5

    856495a1605bfc7f62086d482b502c6f

    SHA1

    86ecc67a784bc69157d664850d489aab64f5f912

    SHA256

    8c8254cb49f7287b97c7f952c81edabc9f11f3fa3f02f265e67d5741998cf0bf

    SHA512

    35a6e580cd362c64f1e1f9c3439660bd980ec437bd8cabbdc49479ceb833cd8cb6c82d2fb747516d5cfcf2af0ba540bc01640171fbe3b4d0e0a3eeeaa69dd1d9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E_N60005\iext.fnr
    Filesize

    204KB

    MD5

    856495a1605bfc7f62086d482b502c6f

    SHA1

    86ecc67a784bc69157d664850d489aab64f5f912

    SHA256

    8c8254cb49f7287b97c7f952c81edabc9f11f3fa3f02f265e67d5741998cf0bf

    SHA512

    35a6e580cd362c64f1e1f9c3439660bd980ec437bd8cabbdc49479ceb833cd8cb6c82d2fb747516d5cfcf2af0ba540bc01640171fbe3b4d0e0a3eeeaa69dd1d9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E_N60005\iext3.fne
    Filesize

    384KB

    MD5

    d2a9c02acb735872261d2abc6aff7e45

    SHA1

    fce6c2cf2465856168ea55ccd806155199a6f181

    SHA256

    0216a0f6d6d5360ab487e696b26a39eb81a1e2c8cd7f59c054c90ab99a858daf

    SHA512

    c29a0669630ddf217d0a0dcd88272d1ec05b6e5cd7ab2eb9379bdc16efbc40a6c17cfd8a5dba21ce07060d54a2a3d8944aaa36a3b92e8025112a751d264a897d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E_N60005\iext3.fne
    Filesize

    384KB

    MD5

    d2a9c02acb735872261d2abc6aff7e45

    SHA1

    fce6c2cf2465856168ea55ccd806155199a6f181

    SHA256

    0216a0f6d6d5360ab487e696b26a39eb81a1e2c8cd7f59c054c90ab99a858daf

    SHA512

    c29a0669630ddf217d0a0dcd88272d1ec05b6e5cd7ab2eb9379bdc16efbc40a6c17cfd8a5dba21ce07060d54a2a3d8944aaa36a3b92e8025112a751d264a897d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E_N60005\krnln.fnr
    Filesize

    1.2MB

    MD5

    1eece63319e7c5f6718562129b1572f1

    SHA1

    089ea3a605639eb1292f6a2a9720f0b2801b0b6e

    SHA256

    4bed8a6e4e1548fddee40927b438132b47ef2aca6e9beb06b89fcf7714726310

    SHA512

    13537d1dd80fa87b6b908361957e8c434ca547a575c8c8aab43423063e60cb5523fb1843a467ae73db4a64d278c06b831551e78ae6d895201f7ef0c5b162c1ab

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E_N60005\shell.fne
    Filesize

    60KB

    MD5

    98174c8c2995000efbda01e1b86a1d4d

    SHA1

    7e71a5a029a203e4ab0afc68eee18c39f4ab4097

    SHA256

    90284c2ead0598faa715cc90c1f53b83b916099c918ce7f816f0b4550ff55ac6

    SHA512

    a37059062a99cd2a9fae15850b49068752ccf0be9f1d86c3f812a689b7c4d024771ec2b66adf9ce950bc5b8b117d457aba87d586cf112a1a30239531bfc8cd06

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E_N60005\shell.fne
    Filesize

    60KB

    MD5

    98174c8c2995000efbda01e1b86a1d4d

    SHA1

    7e71a5a029a203e4ab0afc68eee18c39f4ab4097

    SHA256

    90284c2ead0598faa715cc90c1f53b83b916099c918ce7f816f0b4550ff55ac6

    SHA512

    a37059062a99cd2a9fae15850b49068752ccf0be9f1d86c3f812a689b7c4d024771ec2b66adf9ce950bc5b8b117d457aba87d586cf112a1a30239531bfc8cd06

    Download Submit

  • memory/3368-136-0x00000000007A0000-0x00000000007D0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3368-144-0x0000000002AF0000-0x0000000002B31000-memory.dmp

    Filesize

    260KB

    Download

  • memory/3368-140-0x00000000026D0000-0x000000000273F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/3368-148-0x00000000047B0000-0x0000000004872000-memory.dmp

    Filesize

    776KB

    Download

  • memory/3368-133-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/3368-151-0x0000000002C50000-0x0000000002C65000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3368-152-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download