Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
12s -
max time network
23s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
07/03/2024, 14:32
General
-
Target
uwd.exe
-
Size
610KB
-
MD5
49637e4ae02ad0066cd78eb0ea21ec9e
-
SHA1
e875447cd5f5eb7c486a475eba97823678c29962
-
SHA256
12bae61fbc85d233135b2364b34ece68bf578db4535c54cdfeb2c8ac67b08325
-
SHA512
113b716aed397fb4a8cf19b412793fc0b1a1691922145f833692a8d8069a7e907c8b1e41b139453154b03023dd0ec3362d21e109753dd736d35e8c531da898be
-
SSDEEP
12288:zN800y4lJOSdwJ9L4Abzc1LBWBZdnzhvc:x+ypWGfo1LBWBZpFc
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Registers COM server for autorun 1 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 1 IoCs
-
Checks SCSI registry key(s) 3 TTPs 36 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Modifies registry class 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of FindShellTrayWindow 9 IoCs
-
Suspicious use of SendNotifyMessage 11 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\uwd.exe"C:\Users\Admin\AppData\Local\Temp\uwd.exe"1⤵
- Registers COM server for autorun
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"2⤵
- Modifies Installed Components in the registry
- Loads dropped DLL
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa3950055 /state1:0x41c64e6d1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7KB
MD58a91a913141f8758969991d1715369a9
SHA1d59de6f8146ead378723bebc285bbb13b2aa6a7b
SHA256550315a7cd9a929476d1b7dcf63072d1c405e2d15d29f9f9b1a6284a1aa34a47
SHA5127471762efcbb7dbba9c140f03e31ca436522a11d3db8c3878f561b42c2c6995521e0350eda2d381dbfa1a9952491483ca9949c76c9b71593f3f281f0b858bdcb
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
28KB
-
Filesize
12KB
-
Filesize
4KB
-
Filesize
636KB
-
Filesize
636KB