Resubmissions

12/10/2023, 03:24 UTC

231012-dyhs4sce9w 8

17/09/2023, 21:25 UTC

230917-z9paxscg7t 8

17/09/2023, 21:06 UTC

230917-zxs4cacg4s 8

17/09/2023, 20:58 UTC

230917-zscwkafc29 8

Analysis

  • max time kernel
    200s
  • max time network
    252s
  • platform
    windows10-1703_x64
  • resource
    win10-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10-20230915-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    17/09/2023, 21:25 UTC

General

  • Target

    VTYaQsAA0Hei.exe

  • Size

    5.8MB

  • MD5

    284fb670fe2bc13889345537218dc883

  • SHA1

    6a0f9bf98ae4417fbad3681bc57e7f795e40b160

  • SHA256

    707d8b322b6ae7c70344034b7802b1ddcca766114425f9ae212bc79394cb4aeb

  • SHA512

    9f3b34b97dc56622cafe89fc1f913a9ce61a43c4ac7fa65b1a0f229289fe8e139f8163953be6bb924d2909ed2c707d2b6552c06596bf1097ea665fd6e5935bcf

  • SSDEEP

    98304:irb/nXZD75WXGVuJB1687EcfM6tQ1DmcJSLROcZbVO3WS8iWQNekngFVDXnd:irb/nXhtFm68rfRt4mGSLR/ZEmSdNZgB

Score
8/10

Malware Config

Signatures

  • Looks for VMWare services registry key. 1 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\VTYaQsAA0Hei.exe
    "C:\Users\Admin\AppData\Local\Temp\VTYaQsAA0Hei.exe"
    1⤵
    • Looks for VMWare services registry key.
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    PID:4716

Network

  • flag-us
    DNS
    160.83.251.198.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    160.83.251.198.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    22.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    3.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    3.173.189.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    126.21.238.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    126.21.238.8.in-addr.arpa
    IN PTR
    Response
  • 198.251.83.160:6969
    VTYaQsAA0Hei.exe
    274 B
    260 B
    5
    5
  • 8.8.8.8:53
    160.83.251.198.in-addr.arpa
    dns
    73 B
    132 B
    1
    1

    DNS Request

    160.83.251.198.in-addr.arpa

  • 8.8.8.8:53
    22.236.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    22.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    3.173.189.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    3.173.189.20.in-addr.arpa

  • 8.8.8.8:53
    126.21.238.8.in-addr.arpa
    dns
    71 B
    125 B
    1
    1

    DNS Request

    126.21.238.8.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4716-0-0x0000000140000000-0x0000000140F8A000-memory.dmp

    Filesize

    15.5MB

  • memory/4716-2-0x0000000140000000-0x0000000140F8A000-memory.dmp

    Filesize

    15.5MB

  • memory/4716-4-0x0000000140000000-0x0000000140F8A000-memory.dmp

    Filesize

    15.5MB
