Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

UltraISO P...es.exe

windows7-x64

4

UltraISO P...es.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/06/2024, 13:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    UltraISO Premium Edition v9.7.3.3629 Retail Ml_Rus DC 17.07.2020/uiso97pes.exe

  • Size

    4.6MB

  • MD5

    a1d6e9895f67694580016c6a07793bc2

  • SHA1

    29ba651096f6a94b2aec3f3b94909748a259753e

  • SHA256

    3204a6b52e4698fddf35a8e67bf3af5f924c1ccef75da7c48d95be1226b554ff

  • SHA512

    3c3da1dda2aafbb951b15c2e1751d1c71ceeb4f46ff77e5be6d10cb7c760fd1c8358ba4dd11a13ea618b91f525e49f35ef2041a1f9288062b1ead0f84d3d38c6

  • SSDEEP

    98304:U5Yjo3qYXNRnxofbalqVHzSesntuS0xK0yjqio3KIMYZrx7ICCpSSMD6OqljCvl:djsvRxofbAq9zSesntcjyNkMyrx7IzjA

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\UltraISO Premium Edition v9.7.3.3629 Retail Ml_Rus DC 17.07.2020\uiso97pes.exe
    "C:\Users\Admin\AppData\Local\Temp\UltraISO Premium Edition v9.7.3.3629 Retail Ml_Rus DC 17.07.2020\uiso97pes.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2280
    • C:\Users\Admin\AppData\Local\Temp\is-A4OSG.tmp\uiso97pes.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-A4OSG.tmp\uiso97pes.tmp" /SL5="$10005E,4329604,128000,C:\Users\Admin\AppData\Local\Temp\UltraISO Premium Edition v9.7.3.3629 Retail Ml_Rus DC 17.07.2020\uiso97pes.exe"
      2⤵
      • Executes dropped EXE
      PID:3976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-A4OSG.tmp\uiso97pes.tmp
    Filesize

    765KB

    MD5

    0856978f29ae90dc02a700a33fe0302e

    SHA1

    c71d25f4418ecdbd30da98a6ab0804ecca2a800b

    SHA256

    45b137a10ad4eb65b6d04dcb768e88ba372e2b36fca1e44060bd9517d71f49f1

    SHA512

    4d07c277987d28c731cb7435b27010e7cbe7448b865fd138a6299e8ccbf9d172a47d5477e554084e2d608212fcc3d07b97fb1bd53b56fb1e18ce50ee4acf3119

    Download Submit

  • memory/2280-0-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2280-2-0x0000000000401000-0x000000000040C000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2280-8-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/3976-7-0x0000000000400000-0x00000000004CF000-memory.dmp

    Filesize

    828KB

    Download

  • memory/3976-9-0x0000000000400000-0x00000000004CF000-memory.dmp

    Filesize

    828KB

    Download