Analysis (figures for behavioral task behavioral2, the win10v2004-20240419-en run)
- max time kernel: 149s
- max time network: 125s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/05/2024, 18:34 (DD/MM/YYYY, i.e. 3 May 2024; the resource image itself is dated 2024-04-19, so a March reading is ruled out)
Static task: static1
Behavioral task: behavioral1
  Sample: 09671d97938337a0373e1b946b53712ebea6de59e7d118ecc3993c30f5812368.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 09671d97938337a0373e1b946b53712ebea6de59e7d118ecc3993c30f5812368.exe
  Resource: win10v2004-20240419-en
General
- Target: 09671d97938337a0373e1b946b53712ebea6de59e7d118ecc3993c30f5812368.exe
- Size: 454KB
- MD5: b7a31c43726aa4e904605ad6548905e9
- SHA1: 3132e5eea7adb6a1e75aa7236ff908e18ceda90e
- SHA256: 09671d97938337a0373e1b946b53712ebea6de59e7d118ecc3993c30f5812368
- SHA512: 95f4bebcab9fc7e8d680741f00a426576629bedd8789b1d26a4c006f73570a77e8798f6a66fccbb59c1e7cf56a7669fb3376c7c5a932cdc6fe4f9f9fe90e2d95
- SSDEEP: 6144:4jlYKRF/LReWAsUyXeKrxt0slnivGYMtdCTcXF9luKXAdKNp6HxOd8tkxBYVbwe:4jauDReWpjX0sRivGYvcXJV6RRkDYV
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid: 3624
  Process: uyihgv.exe

Adds Run key to start application (2 TTPs, 1 IoC)
  description: Set value (str)
  ioc: \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows® Operating System = "C:\\ProgramData\\uyihgv.exe"
  Process: uyihgv.exe
  Note: the key lives under the user hive of the RID-1000 account (the sandbox's Admin user), i.e. HKCU\...\CurrentVersion\Run, so the entry needs no elevation and persists only for that user. The value name mimics a Microsoft component, ® characters included, and it is the dropped copy in C:\ProgramData that registers itself, not the originally submitted file.

Enumerates physical storage devices (1 TTP)
  description: Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 1804 wrote to memory of 3624 (the same entry is recorded three times)
  pid: 1804
  Process: 09671d97938337a0373e1b946b53712ebea6de59e7d118ecc3993c30f5812368.exe
  procid_target: 83 (the report's own process index for PID 3624)
  Note: the writer is the original sample and the target is the child it has just spawned. A parent writing into a freshly created child is what ordinary process creation looks like, so by itself this signature is not evidence of code injection; the dropped-EXE and Run-key signatures carry the weight here.
Processes

C:\Users\Admin\AppData\Local\Temp\09671d97938337a0373e1b946b53712ebea6de59e7d118ecc3993c30f5812368.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\09671d97938337a0373e1b946b53712ebea6de59e7d118ecc3993c30f5812368.exe"
  PID: 1804
  - Suspicious use of WriteProcessMemory
  └ C:\ProgramData\uyihgv.exe (depth 2, child of PID 1804)
      Command line: "C:\ProgramData\uyihgv.exe"
      PID: 3624
      - Executes dropped EXE
      - Adds Run key to start application
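The chain the Signatures and Processes sections record (a sample running from Temp drops a copy into C:\ProgramData, and that copy registers itself under the user's CurrentVersion\Run key, ATT&CK T1547.001) is the kind of thing worth turning into a detection. The following is an added example, not code from the tria.ge report: a Python pass over constructed Sysmon-style events (EventID 1 process creation, EventID 13 registry value set) populated from the IoCs above. The explorer.exe parent and its PID 652, the benign VendorUpdater control entry, and every function name are assumptions made for the example.

```python
"""Flag Run/RunOnce values that point into user-writable directories and
escalate when the writer registered its own image or used a Microsoft-lookalike
name. Events are constructed from the report's IoCs, not captured from a host."""
import re
from dataclasses import dataclass, field

# Directories any interactive user can write to. A Run value pointing here is
# unusual for installed software and typical for self-copying droppers.
USER_WRITABLE_PREFIXES = ("c:\\programdata\\", "c:\\users\\", "c:\\windows\\temp\\")

# Tail of a Run/RunOnce key in either hive spelling (Sysmon's HKU\... or the
# report's \REGISTRY\USER\...), capturing the value name that follows it.
RUN_KEY_RE = re.compile(
    r"\\software\\(?:wow6432node\\)?microsoft\\windows\\currentversion\\run(?:once)?\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\09671d97938337a0373e1b946b53712ebea6de59e7d118ecc3993c30f5812368.exe"
DROPPED = r"C:\ProgramData\uyihgv.exe"

# Constructed events shaped like Sysmon EventID 1 (process create) and
# EventID 13 (registry value set). The explorer.exe parent (PID 652) and the
# VendorUpdater control entry are assumptions; the rest mirrors the report.
EVENTS = [
    {"EventID": 1, "ProcessId": 1804, "ParentProcessId": 652,
     "Image": SAMPLE, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessId": 3624, "ParentProcessId": 1804,
     "Image": DROPPED, "ParentImage": SAMPLE},
    {"EventID": 13, "ProcessId": 3624, "Image": DROPPED, "EventType": "SetValue",
     "TargetObject": r"HKU\S-1-5-21-877519540-908060166-1852957295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows® Operating System",
     "Details": '"C:\\ProgramData\\uyihgv.exe"'},
    {"EventID": 13, "ProcessId": 4100, "Image": r"C:\Program Files\Vendor\setup.exe",
     "EventType": "SetValue",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": '"C:\\Program Files\\Vendor\\updater.exe" /background'},
]


def image_from_run_value(details: str) -> str:
    """Return the executable path from Run value data, dropping quotes and arguments."""
    s = details.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end > 0 else s[1:]
    return s.split()[0] if s else ""


def in_user_writable(path: str) -> bool:
    return path.lower().startswith(USER_WRITABLE_PREFIXES)


def lookalike_name(name: str) -> bool:
    """Value names borrowing Microsoft branding or using ® / ™ to pass as a system component."""
    lowered = name.lower()
    return "microsoft" in lowered or "windows" in lowered or any(ord(c) > 127 for c in name)


@dataclass
class Finding:
    pid: int
    value_name: str
    target: str
    reasons: list = field(default_factory=list)


def find_suspicious_run_keys(events):
    """One Finding per Run/RunOnce value whose target sits in a user-writable directory."""
    by_pid = {e["ProcessId"]: e for e in events if e["EventID"] == 1}
    findings = []
    for e in events:
        if e.get("EventID") != 13 or e.get("EventType") != "SetValue":
            continue
        m = RUN_KEY_RE.search(e["TargetObject"])
        if not m:
            continue
        target = image_from_run_value(e["Details"])
        if not in_user_writable(target):
            continue  # e.g. the VendorUpdater control entry under Program Files
        f = Finding(e["ProcessId"], m["name"], target, ["run key target in user-writable directory"])
        if target.lower() == e["Image"].lower():
            f.reasons.append("process registered its own image (self-persistence)")
        if lookalike_name(m["name"]):
            f.reasons.append("value name mimics a Microsoft component")
        creator = by_pid.get(e["ProcessId"])
        if creator and in_user_writable(creator["ParentImage"]):
            f.reasons.append(f"spawned by {creator['ParentImage']} (also user-writable)")
        findings.append(f)
    return findings


if __name__ == "__main__":
    for f in find_suspicious_run_keys(EVENTS):
        print(f"PID {f.pid} set Run value {f.value_name!r} -> {f.target}")
        for r in f.reasons:
            print("   -", r)
```

The path check deliberately ignores the file name: a dropper can rename its copy at will, but it still has to write somewhere the current user can write, and it still has to land in a Run key to come back after reboot. The lookalike-name and self-registration reasons are escalation signals layered on that base condition, so the benign vendor entry never reaches them.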
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 454KB
  MD5: 728e64c1d950d040081a18b484d13197
  SHA1: 6e8c49955afd66733b7bcba092da96bb3ffbe01e
  SHA256: dca2ecac41d9555499ae6862f19a8686410d7d810f0952474777e2e76cff54f3
  SHA512: 0fa19682a32f8c1e10cbaff9ac19e4eb8f7401fbc47e7b0a7b19b494d70d7e7c3e1b3f96e15905af380e3948c495723699af8f07fcb538a7ae4826c080d41bd6
  Note: same size as the submitted sample (454KB) but with different hashes, so this is not a byte-identical copy of it. Pivot on both hash sets rather than assuming the dropped file matches the original.
- Filesize: 136KB
  MD5: cb4c442a26bb46671c638c794bf535af
  SHA1: 8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf
  SHA256: f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25
  SHA512: 074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3
- Filesize: 317KB
  MD5: 85489368202dfbe6b14973e2c4d0b43e
  SHA1: 97050959ce731257e24ddda8a9c291fb26d54e98
  SHA256: ce40032976eac209dc29a09ea507363297ac407acaecdd8dc88fb92ae1a4516d
  SHA512: a891487b210eaa82fc5f0b104b6a02942cae30c92745f0e30ba834f13377bf342c1b903e2830aefb349ef87382805f991c26a8365ca7001d1473bf044f88c460