Resubmissions
  Submitted            Analysis ID           Score
  12/10/2023, 03:24    231012-dyhs4sce9w     8
  17/09/2023, 21:25    230917-z9paxscg7t     8
  17/09/2023, 21:06    230917-zxs4cacg4s     8
  17/09/2023, 20:58    230917-zscwkafc29     8

Analysis
  max time kernel:   58s
  max time network:  37s
  platform:          windows10-2004_x64
  resource:          win10v2004-20230915-en
  resource tags:     arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  submitted:         17/09/2023, 20:58
Static task
  static1
  1 signatures

Behavioral task
  behavioral1
  Sample:    VTYaQsAA0Hei.exe
  Resource:  win10v2004-20230915-en
  3 signatures
  150 seconds
General
  Target:  VTYaQsAA0Hei.exe
  Size:    5.8MB
  MD5:     284fb670fe2bc13889345537218dc883
  SHA1:    6a0f9bf98ae4417fbad3681bc57e7f795e40b160
  SHA256:  707d8b322b6ae7c70344034b7802b1ddcca766114425f9ae212bc79394cb4aeb
  SHA512:  9f3b34b97dc56622cafe89fc1f913a9ce61a43c4ac7fa65b1a0f229289fe8e139f8163953be6bb924d2909ed2c707d2b6552c06596bf1097ea665fd6e5935bcf
  SSDEEP:  98304:irb/nXZD75WXGVuJB1687EcfM6tQ1DmcJSLROcZbVO3WS8iWQNekngFVDXnd:irb/nXhtFm68rfRt4mGSLR/ZEmSdNZgB
  Score:   8/10
Malware Config
Signatures
Looks for VMWare services registry key  (1 TTPs, 2 IoCs)
  description   ioc                                                       Process
  Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Vmmouse   VTYaQsAA0Hei.exe
  Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMTools   VTYaQsAA0Hei.exe
Suspicious behavior: EnumeratesProcesses  (64 IoCs)
  pid   Process
  636   VTYaQsAA0Hei.exe   (the same pid/process pair is listed for all 64 IoCs)
Suspicious behavior: GetForegroundWindowSpam  (1 IoCs)
  pid   Process
  636   VTYaQsAA0Hei.exe