Analysis
max time kernel: 54s
max time network: 75s
platform: windows10-2004_x64
resource: win10v2004-20231215-es
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-es, locale:es-es, os:windows10-2004-x64, system:windows
submitted: 30/12/2023, 01:58
Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: Yama.exe
  Resource: win10v2004-20231215-es
  3 signatures, 600 seconds
General
Target: Yama.exe
Size: 404KB
MD5: 90d84900ec36e3cc6e2f4a7d468ebda1
SHA1: 113a6fe427cba85a876e4e87b24b068fdcd3cb02
SHA256: fd06776453a7c91fddfb725402fe99b029fc01d6e3bdf8dd904435693aab9c7d
SHA512: bfe26d9aeeb6521dca4fafcf92f2979937271721ef2bec1a2e8bf878a013cca4b9ffb9d6bcbada14c2345c67668d2a1f96094b5a668a69a5a7057dbee1d3301d
SSDEEP: 6144:nJEJCDqunTQNY6wx/h6SIv9eajliD5UjuA9lqL8WLX4WCvO:nKJ2qunMY3YZUaj8qjuA9cYW
Score: 1/10
Malware Config
Signatures
Modifies registry class (9 IoCs, all by process Yama.exe)
Taken together, these keys register "QLoader" as a URL protocol scheme (the "URL Protocol" value under Classes\QLoader) whose shell\open\command launches the sample from its Temp directory with the invoking URL passed as "%1".
  description      ioc
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\shell
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Yama.exe\" \"%1\""
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\URL Protocol
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Yama.exe\",0"
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\shell\open\command
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\shell\open
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\QLoader
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\ = "URL: QLoader Protocol"
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\DefaultIcon
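Registering a URL scheme is something ordinary installers do as well as droppers, so the signature alone is weak evidence (consistent with the 1/10 score); the detail worth checking is where the handler's executable lives. The Python below is an added example, not part of the Triage report or its signature logic. It parses "Set value" events written in the report's own rendering (string values shown as escaped literals with \" and \\), rebuilds each Classes\<ProgID> entry, and flags URL protocol handlers whose shell\open\command points into a user-writable location. The event list is constructed: the QLoader lines copy the key paths and values from the report, and the "example" handler is an added benign control that must not be flagged.

```python
import re
from dataclasses import dataclass

# Constructed sample events. The QLoader lines reproduce the key paths and values
# listed under "Modifies registry class"; the trailing "example" handler is an added
# control case (not in the report) whose executable sits under Program Files.
SAMPLE_EVENTS = [
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\shell',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Yama.exe\" \"%1\""',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\URL Protocol',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Yama.exe\",0"',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\shell\open\command',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\shell\open',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QLoader',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\ = "URL: QLoader Protocol"',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\DefaultIcon',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\example\URL Protocol',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\example\shell\open\command\ = "\"C:\\Program Files\\Example\\example.exe\" \"%1\""',
]

# Classes hive under HKLM or any HKU\<sid>; group 1 is the ProgID (for URL handlers, the scheme name).
_CLASSES_RE = re.compile(
    r'^\\REGISTRY\\(?:MACHINE|USER\\[^\\]+)\\SOFTWARE\\Classes\\([^\\]+)(.*)$', re.IGNORECASE)
# "Set value (<type>) <path>" optionally followed by ' = "<escaped literal>"'.
_SETVALUE_RE = re.compile(r'^Set value \((\w+)\) (.*?)(?: = "(.*)")?$')

# Path fragments a standard user can write to: a handler living there can be
# dropped or replaced without administrative rights.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\", "\\downloads\\")


@dataclass
class Handler:
    progid: str
    description: str = ""
    url_protocol: bool = False
    open_command: str = ""
    default_icon: str = ""


def unescape_value(raw: str) -> str:
    """Undo the escaped-literal rendering of string values: \\" -> " and \\\\ -> \\."""
    return re.sub(r'\\(.)', r'\1', raw)


def parse_handlers(events):
    """Fold Set-value events into one Handler per Classes\\<ProgID> key."""
    handlers = {}
    for line in events:
        m = _SETVALUE_RE.match(line)
        if not m:
            continue  # "Key created" lines carry no data; their values arrive as separate events
        _vtype, target, raw_value = m.groups()
        cm = _CLASSES_RE.match(target)
        if not cm:
            continue  # not under a Classes hive, so not a file or protocol association
        progid, rest = cm.groups()
        h = handlers.setdefault(progid, Handler(progid))
        value = unescape_value(raw_value) if raw_value is not None else ""
        # A trailing backslash means the key's (Default) value; otherwise the last
        # path component is the value name.
        if rest.endswith("\\"):
            subkey, name = rest.rstrip("\\").lower(), ""
        else:
            subkey, _, name = rest.rpartition("\\")
            subkey = subkey.lower()
        if name.lower() == "url protocol":
            h.url_protocol = True  # presence of the value is what marks a scheme, even when empty
        elif name == "" and subkey == "":
            h.description = value
        elif name == "" and subkey == "\\shell\\open\\command":
            h.open_command = value
        elif name == "" and subkey == "\\defaulticon":
            h.default_icon = value
    return handlers


def executable_of(command: str) -> str:
    """Return the program a shell open command launches (quoted path or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def find_risky_url_handlers(events):
    """Flag URL scheme handlers whose executable resolves to a user-writable path."""
    findings = []
    for h in parse_handlers(events).values():
        if not h.url_protocol or not h.open_command:
            continue  # only registered schemes with a launch command are reachable from a browser
        exe = executable_of(h.open_command)
        if any(marker in exe.lower() for marker in USER_WRITABLE):
            findings.append({
                "progid": h.progid,
                "scheme": f"{h.progid.lower()}:",
                "exe": exe,
                "command": h.open_command,
                "reason": "URL protocol handler executable under a user-writable path",
            })
    return findings


if __name__ == "__main__":
    for f in find_risky_url_handlers(SAMPLE_EVENTS):
        print(f"{f['scheme']:<12} {f['exe']}  ({f['reason']})")
```

On the constructed events the only hit is qloader:, launching C:\Users\Admin\AppData\Local\Temp\Yama.exe with the full URL as "%1". Two caveats when reading that result: the Temp path is where the sandbox ran the sample, so the "user-writable" part of the finding is partly a consequence of how it was executed, whereas the behaviour that is not an artifact is that the binary registers itself as a scheme handler from wherever it runs; and on a live host the equivalent check is to enumerate HKLM:\SOFTWARE\Classes and HKCU:\SOFTWARE\Classes for keys carrying a "URL Protocol" value and inspect each one's shell\open\command default.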
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 4616  Yama.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
  pid 4616  Yama.exe
  pid 4616  Yama.exe
  pid 4616  Yama.exe