Analysis

  • max time kernel
    146s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/10/2022, 05:02 UTC

General

  • Target

    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe

  • Size

    304KB

  • MD5

    a23e7bfb7a8a7864983c4bc0846b3d2b

  • SHA1

    d903c9ff4c3e14ecafc779f3bc6769939ed1191a

  • SHA256

    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc

  • SHA512

    01a0d4c462e1e8d700023decc202a018270a7c92e5f1f93ad6a4fc96b5f62a562c5f08c56dd30bac7e6ce05c654a1475dffed27da53b2e93b20c080a7b7e173c

  • SSDEEP

    6144:1rkW9uEo2S1YnQmCX492DkwNP3qpYF4AqqWb+qR9h+uqkNfoM6YV5TmNa1a3SyP4:1rkuu6/eIo4tQW62T+uTwM6YVxm244

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe
    "C:\Users\Admin\AppData\Local\Temp\f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe"
    1⤵
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    PID:4956

Network

  • flag-us
    DNS
    c1.getapplicationmy.info
    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.getapplicationmy.info
    IN A
    Response
    c1.getapplicationmy.info
    IN A
    94.229.72.125
  • flag-us
    DNS
    r1.getapplicationmy.info
    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe
    Remote address:
    8.8.8.8:53
    Request
    r1.getapplicationmy.info
    IN A
    Response
    r1.getapplicationmy.info
    IN A
    94.229.72.125
  • flag-gb
    GET
    http://c1.getapplicationmy.info/?step_id=1&installer_id=1535235925906336726&publisher_id=727&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6084889701271466520&external_id=0&session_id=16331301785259149311&hardware_id=13008672462902669279&external=&_id=1386009289983427245&installer=&_file_name=Easy+Shutdown+by+Aung+_Kyaw.exe&product=&_name=Easy+Shutdown+by+Aung+_Kyaw.exe&q=&Easy+Shutdown+by+Aung+_Kyaw.exe=&filesize=&product_name=Your+File
    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe
    Remote address:
    94.229.72.125:80
    Request
    GET /?step_id=1&installer_id=1535235925906336726&publisher_id=727&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6084889701271466520&external_id=0&session_id=16331301785259149311&hardware_id=13008672462902669279&external=&_id=1386009289983427245&installer=&_file_name=Easy+Shutdown+by+Aung+_Kyaw.exe&product=&_name=Easy+Shutdown+by+Aung+_Kyaw.exe&q=&Easy+Shutdown+by+Aung+_Kyaw.exe=&filesize=&product_name=Your+File HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c1.getapplicationmy.info
    Cache-Control: no-cache
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sat, 29 Oct 2022 08:40:40 GMT
    server: nginx
    set-cookie: sid=5e95a8b2-5765-11ed-b843-92193349ef61; path=/; domain=.getapplicationmy.info; expires=Thu, 16 Nov 2090 11:54:47 GMT; max-age=2147483647; HttpOnly
  • flag-gb
    POST
    http://r1.getapplicationmy.info/?report_version=5&
    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe
    Remote address:
    94.229.72.125:80
    Request
    POST /?report_version=5& HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: TixDll
    Host: r1.getapplicationmy.info
    Content-Length: 1680
    Cache-Control: no-cache
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sat, 29 Oct 2022 08:40:26 GMT
    server: nginx
    set-cookie: sid=563b0e00-5765-11ed-978a-9219495383ac; path=/; domain=.getapplicationmy.info; expires=Thu, 16 Nov 2090 11:54:33 GMT; max-age=2147483647; HttpOnly
  • flag-us
    DNS
    r2.getapplicationmy.info
    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe
    Remote address:
    8.8.8.8:53
    Request
    r2.getapplicationmy.info
    IN A
    Response
    r2.getapplicationmy.info
    IN A
    162.210.196.173
  • flag-us
    POST
    http://r2.getapplicationmy.info/?report_version=5&
    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe
    Remote address:
    162.210.196.173:80
    Request
    POST /?report_version=5& HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: TixDll
    Host: r2.getapplicationmy.info
    Content-Length: 1680
    Cache-Control: no-cache
    Cookie: sid=563b0e00-5765-11ed-978a-9219495383ac
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sat, 29 Oct 2022 08:40:26 GMT
    server: nginx
  • flag-us
    DNS
    c2.getapplicationmy.info
    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.getapplicationmy.info
    IN A
    Response
    c2.getapplicationmy.info
    IN A
    94.229.72.125
  • flag-gb
    GET
    http://c1.getapplicationmy.info/?step_id=1&installer_id=1535235925906336726&publisher_id=727&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6084889701271466520&external_id=0&session_id=16331301785259149311&hardware_id=13008672462902669279&external=&_id=1386009289983427245&installer=&_file_name=Easy+Shutdown+by+Aung+_Kyaw.exe&product=&_name=Easy+Shutdown+by+Aung+_Kyaw.exe&q=&Easy+Shutdown+by+Aung+_Kyaw.exe=&filesize=&product_name=Your+File
    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe
    Remote address:
    94.229.72.125:80
    Request
    GET /?step_id=1&installer_id=1535235925906336726&publisher_id=727&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6084889701271466520&external_id=0&session_id=16331301785259149311&hardware_id=13008672462902669279&external=&_id=1386009289983427245&installer=&_file_name=Easy+Shutdown+by+Aung+_Kyaw.exe&product=&_name=Easy+Shutdown+by+Aung+_Kyaw.exe&q=&Easy+Shutdown+by+Aung+_Kyaw.exe=&filesize=&product_name=Your+File HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c1.getapplicationmy.info
    Cache-Control: no-cache
    Cookie: sid=5e95a8b2-5765-11ed-b843-92193349ef61
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sat, 29 Oct 2022 08:41:13 GMT
    server: nginx
  • 209.197.3.8:80
    46 B
    40 B
    1
    1
  • 94.229.72.125:80
    http://c1.getapplicationmy.info/?step_id=1&installer_id=1535235925906336726&publisher_id=727&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6084889701271466520&external_id=0&session_id=16331301785259149311&hardware_id=13008672462902669279&external=&_id=1386009289983427245&installer=&_file_name=Easy+Shutdown+by+Aung+_Kyaw.exe&product=&_name=Easy+Shutdown+by+Aung+_Kyaw.exe&q=&Easy+Shutdown+by+Aung+_Kyaw.exe=&filesize=&product_name=Your+File
    http
    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe
    1.0kB
    560 B
    10
    5

    HTTP Request

    GET http://c1.getapplicationmy.info/?step_id=1&installer_id=1535235925906336726&publisher_id=727&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6084889701271466520&external_id=0&session_id=16331301785259149311&hardware_id=13008672462902669279&external=&_id=1386009289983427245&installer=&_file_name=Easy+Shutdown+by+Aung+_Kyaw.exe&product=&_name=Easy+Shutdown+by+Aung+_Kyaw.exe&q=&Easy+Shutdown+by+Aung+_Kyaw.exe=&filesize=&product_name=Your+File

    HTTP Response

    429
  • 94.229.72.125:80
    http://r1.getapplicationmy.info/?report_version=5&
    http
    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe
    2.3kB
    640 B
    9
    7

    HTTP Request

    POST http://r1.getapplicationmy.info/?report_version=5&

    HTTP Response

    429
  • 162.210.196.173:80
    http://r2.getapplicationmy.info/?report_version=5&
    http
    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe
    2.3kB
    478 B
    8
    7

    HTTP Request

    POST http://r2.getapplicationmy.info/?report_version=5&

    HTTP Response

    429
  • 209.197.3.8:80
    46 B
    40 B
    1
    1
  • 209.197.3.8:80
    322 B
    7
  • 2.18.109.224:443
    322 B
    7
  • 94.229.72.125:80
    c2.getapplicationmy.info
    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe
    260 B
    5
  • 209.197.3.8:80
    322 B
    7
  • 209.197.3.8:80
    322 B
    7
  • 94.229.72.125:80
    http://c1.getapplicationmy.info/?step_id=1&installer_id=1535235925906336726&publisher_id=727&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6084889701271466520&external_id=0&session_id=16331301785259149311&hardware_id=13008672462902669279&external=&_id=1386009289983427245&installer=&_file_name=Easy+Shutdown+by+Aung+_Kyaw.exe&product=&_name=Easy+Shutdown+by+Aung+_Kyaw.exe&q=&Easy+Shutdown+by+Aung+_Kyaw.exe=&filesize=&product_name=Your+File
    http
    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe
    1.0kB
    398 B
    9
    5

    HTTP Request

    GET http://c1.getapplicationmy.info/?step_id=1&installer_id=1535235925906336726&publisher_id=727&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6084889701271466520&external_id=0&session_id=16331301785259149311&hardware_id=13008672462902669279&external=&_id=1386009289983427245&installer=&_file_name=Easy+Shutdown+by+Aung+_Kyaw.exe&product=&_name=Easy+Shutdown+by+Aung+_Kyaw.exe&q=&Easy+Shutdown+by+Aung+_Kyaw.exe=&filesize=&product_name=Your+File

    HTTP Response

    429
  • 94.229.72.125:80
    c2.getapplicationmy.info
    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe
    260 B
    5
  • 94.229.72.125:80
    c2.getapplicationmy.info
    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe
    260 B
    5
  • 94.229.72.125:80
    c2.getapplicationmy.info
    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe
    260 B
    5
  • 94.229.72.125:80
    c2.getapplicationmy.info
    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe
    260 B
    5
  • 8.8.8.8:53
    c1.getapplicationmy.info
    dns
    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe
    70 B
    86 B
    1
    1

    DNS Request

    c1.getapplicationmy.info

    DNS Response

    94.229.72.125

  • 8.8.8.8:53
    r1.getapplicationmy.info
    dns
    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe
    70 B
    86 B
    1
    1

    DNS Request

    r1.getapplicationmy.info

    DNS Response

    94.229.72.125

  • 8.8.8.8:53
    r2.getapplicationmy.info
    dns
    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe
    70 B
    86 B
    1
    1

    DNS Request

    r2.getapplicationmy.info

    DNS Response

    162.210.196.173

  • 8.8.8.8:53
    c2.getapplicationmy.info
    dns
    f860d476c33b474776aa8ccad57e618a814d0a01c58a73b47b8164138fdba0cc.exe
    70 B
    86 B
    1
    1

    DNS Request

    c2.getapplicationmy.info

    DNS Response

    94.229.72.125

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\TsuE5794BED.dll

    Filesize

    269KB

    MD5

    af7ce801c8471c5cd19b366333c153c4

    SHA1

    4267749d020a362edbd25434ad65f98b073581f1

    SHA256

    cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

    SHA512

    88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

  • C:\Users\Admin\AppData\Local\Temp\{6286625E-4F80-49E7-AB0C-07A2B96540A8}\Custom.dll

    Filesize

    73KB

    MD5

    56e4e9e881524397c9f6dca5ca70b1e8

    SHA1

    8ad77bad589591171eb94a593c3814a3b742f79c

    SHA256

    2e6e83c80a887c82c890053f491e0cb24074967b5ae7af7c8c4bcae78af2a22b

    SHA512

    130c83dfc0db281bd7999edc6c295f122ab3ba00c69353daad988866680a6994365874eb29122b8473930d2ba0df58bdfb27eb8897a819f79c8b8e31e6597700

  • C:\Users\Admin\AppData\Local\Temp\{6286625E-4F80-49E7-AB0C-07A2B96540A8}\_Setup.dll

    Filesize

    168KB

    MD5

    9f8992a651c85604676b2bbf54830547

    SHA1

    bd2a5cd0038899d97d7c652056c948c33c5bc83d

    SHA256

    61fef12b10bb745094ec1392da30c357d508c2befafddd354cad9922feca8ed4

    SHA512

    a6d7692bdbf1a19eb582150d5387faf7d08119f7b111a809c3b55f9de5ee74481b62a1a745f6ed3817ac4c0245ca52e4db8026690ba6a48d3006d47771b60ed7
