Resubmissions
12/06/2024, 02:24  240612-cv27xayfnl

Analysis
max time kernel: 150s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
submitted: 12/06/2024, 02:24
Static task: static1
Behavioral task: behavioral1
Sample: ReYANG-win.exe
Resource: win7-20231129-en
General
Target: ReYANG-win.exe
Size: 45.0MB
MD5: b23926a5155fdb7b6a2b346798b3ed89
SHA1: f765081c0ff0e84008f30dcdf75293ae5f79a7b3
SHA256: 840a59be8a916081f7f969ece99b1986ba2b46f9c7d3ea23a2e39fee6d16f090
SHA512: 94d3a32d4c862079ffa52582ff3357bbdfeffc40fb1761702249e9de461fdfcf1198a95f3589e34ce0c495b4b2ec273122abfb6697d3efa079407fe6d76ac4fe
SSDEEP: 786432:fMguj8Q4VfvSqFTrY3KeKv6xugIm7DpZI:fiAQIHSkHb6xp7DpZI
Malware Config

Signatures
- Contacts a large (607) amount of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Checks computer location settings (2 TTPs, 1 IoC)
  Looks up country code configured in the registry, likely geofence.
  description: Key value queried
  ioc: \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation
  process: ReYANG-win.exe
- Loads dropped DLL (2 IoCs)
  pid 4764 ReYANG-win.exe; pid 4764 ReYANG-win.exe
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Legitimate hosting services abused for malware hosting/C2 (1 TTP, 15 IoCs)
  flows 14, 16, 21, 22, 23, 24, 25, 26, 27, 28, 36, 37, 38, 39, 40: raw.githubusercontent.com
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 1KB
  MD5: 98d55c31ac02b32ac3c147cad3a97ed0
  SHA1: 1d72218c5cdd5cfe65187d66833eeaa16fad9368
  SHA256: b61bac80531f43058953c0747218203b4794908db361ed0a032d79f1168f6bdc
  SHA512: 36e48ab538dc41350ad4cb2a0127a1727db54b136e65f12526ac1648d884e462a28ebf7f7ca85eff37da5e7de9baddac9b28819395e65a7eb3dc83dbdd50f78e
- C:\Users\Admin\AppData\Local\Temp\pkg-epSjFc\3cb442a7039ddcad2aac3f8bd5bfd6a4f9ff253ce47c1616b3a4495f11a5d0b9
  Filesize: 1.8MB
  MD5: 3072b68e3c226aff39e6782d025f25a8
  SHA1: cf559196d74fa490ac8ce192db222c9f5c5a006a
  SHA256: 7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01
  SHA512: 61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61
- C:\Users\Admin\AppData\Local\Temp\pkg-epSjFc\5c9a74674baa49a8cc3965a2d84a4f89cd4ea1a459a9b493fc02a581c95bf3a8
  Filesize: 137KB
  MD5: 04bfbfec8db966420fe4c7b85ebb506a
  SHA1: 939bb742a354a92e1dcd3661a62d69e48030a335
  SHA256: da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd
  SHA512: 4ea97a9a120ed5bee8638e0a69561c2159fc3769062d7102167b0e92b4f1a5c002a761bd104282425f6cee8d0e39dbe7e12ad4e4a38570c3f90f31b65072dd65