Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
74s -
max time network
65s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
10/06/2024, 16:44
Static task
static1
Behavioral task
behavioral1
Sample
UltraHook/Rinput.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
UltraHook/Rinput.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
UltraHook/uh.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
UltraHook/uh.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
hl2.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
General
-
Target
UltraHook/uh.exe
-
Size
111KB
-
MD5
87f3cdd31064512b6ffe462a54a8e550
-
SHA1
03a43b2644e65df3940254a3c8486e0b067a92ff
-
SHA256
82367e448553c63551a12e76ad833532b0bf3fd6fc121171a9e99a206e6348b5
-
SHA512
ebeeb11805dd80341793dc0329bf6bc7b978d2e860064a88a6da77b8b38622f06c1bd8e2b6c241c347ad8e8c8bbc9b842839dc518d76371b99956c58a696f79f
-
SSDEEP
3072:K3GUJ8T2SXZyrgoBJtbN/3MCK2kevEwl/6GJHSb:kI/JdSI5eb
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe 3472 uh.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 3472 uh.exe