Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

0606b4e4de...6a.exe

windows7-x64

10

0606b4e4de...6a.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    316s
  • max time network
    312s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/11/2022, 23:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0606b4e4dea64c05a6b041dbc2a50276e02efa9fcd194e2d895c1dec9d3d266a.exe

  • Size

    205KB

  • MD5

    6eae993ff5f359c8796199027c009b58

  • SHA1

    f346b43723d8bcad06fc93b203f3663aff1df039

  • SHA256

    0606b4e4dea64c05a6b041dbc2a50276e02efa9fcd194e2d895c1dec9d3d266a

  • SHA512

    3c07b2baa988c6d095af1a158bb04381b941f16db8b470ddb01fe3600857dfb10d3e143716215f1c18f21841b356c3ca931e563c2eca07f885d37b08af09c7c9

  • SSDEEP

    3072:hqhMPssRhlARSOsdwD/98out3SDADeak7dJHB/AKG:hqhMPssRARoiSoS3SsQLH5AK

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0606b4e4dea64c05a6b041dbc2a50276e02efa9fcd194e2d895c1dec9d3d266a.exe
    "C:\Users\Admin\AppData\Local\Temp\0606b4e4dea64c05a6b041dbc2a50276e02efa9fcd194e2d895c1dec9d3d266a.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1848
    • C:\Users\Admin\AppData\Local\Temp\0606b4e4dea64c05a6b041dbc2a50276e02efa9fcd194e2d895c1dec9d3d266a.exe 
      C:\Users\Admin\AppData\Local\Temp\0606b4e4dea64c05a6b041dbc2a50276e02efa9fcd194e2d895c1dec9d3d266a.exe 
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\0606b4e4dea64c05a6b041dbc2a50276e02efa9fcd194e2d895c1dec9d3d266a.exe 
    Filesize

    129KB

    MD5

    e2c33f1d5b2c10d0fff92ec379577f06

    SHA1

    db52e7c71eb6e99ad6fa38305a7c62337246cc9e

    SHA256

    6fe9ec72f717f7e26398412b782a725030c796a253d3d17c883a6dbaf1bc4e01

    SHA512

    6a813184d730de5a8d2295222c4a47a7295e28886c5a982ab9d94a7ceed7f41683038ce9981fa1a789a8371095807fe4b36ae3f3502588624fed94664aa6b1c8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\0606b4e4dea64c05a6b041dbc2a50276e02efa9fcd194e2d895c1dec9d3d266a.exe 
    Filesize

    129KB

    MD5

    e2c33f1d5b2c10d0fff92ec379577f06

    SHA1

    db52e7c71eb6e99ad6fa38305a7c62337246cc9e

    SHA256

    6fe9ec72f717f7e26398412b782a725030c796a253d3d17c883a6dbaf1bc4e01

    SHA512

    6a813184d730de5a8d2295222c4a47a7295e28886c5a982ab9d94a7ceed7f41683038ce9981fa1a789a8371095807fe4b36ae3f3502588624fed94664aa6b1c8

    Download Submit

  • memory/1060-138-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download