Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

YT Saver 8...et.rar

windows11-21h2-x64

3

Setup.exe

windows11-21h2-x64

5

YT Saver ....ma.rar

windows11-21h2-x64

3

Hijack Pat...re.rar

windows11-21h2-x64

3

YAMA 1.jpg

windows11-21h2-x64

3

YAMA 2.jpg

windows11-21h2-x64

3

YAMA 3.jpg

windows11-21h2-x64

3

YAMA 4.jpg

windows11-21h2-x64

3

PYG64.dll

windows11-21h2-x64

5

YAMA INFO.txt

windows11-21h2-x64

3

winmm.dll

windows11-21h2-x64

1

ytsaverw H...64.exe

windows11-21h2-x64

3

Analysis

  • max time kernel
    1473s
  • max time network
    1488s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    07/08/2024, 05:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PYG64.dll

  • Size

    1.3MB

  • MD5

    0c98345f142ec5c307d2e3354fd08e95

  • SHA1

    64a405a9dd1760d72edc8c79c77e9b56427ea2dc

  • SHA256

    c6e1d9f06b0914f73b5d8279442a8515346d9a39adfef6714c2f89a1d3b54bdb

  • SHA512

    91aafd9e47f52305708ea172406743507040b7d2d6d68fe3146e6a05b8638f72944d2afd54f1b23234fe988eea0065ab7ec0384add20d732990dc03c7dd9db38

  • SSDEEP

    24576:IyXrbprozekA3dJG7xjOeGtqYVYkXTY6TTdTatPo0QT0PiQjV0:IGVoyJ3C7xjTGtqYVYkXPlTaW9T030

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\PYG64.dll,#1
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:4144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4144-0-0x00007FF9D30B0000-0x00007FF9D34F9000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/4144-1-0x00007FF9D30B0000-0x00007FF9D34F9000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/4144-5-0x00007FF9B3AD0000-0x00007FF9B3AE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4144-6-0x00007FF9F3B44000-0x00007FF9F3B45000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4144-9-0x00007FF9F3AA0000-0x00007FF9F3CA9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4144-8-0x00007FF9C1D50000-0x00007FF9C1F59000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4144-7-0x00007FF9F3AA0000-0x00007FF9F3CA9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4144-4-0x00007FF9B3AD0000-0x00007FF9B3AE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4144-10-0x00007FF9F3AA0000-0x00007FF9F3CA9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4144-12-0x00007FF9F3AA0000-0x00007FF9F3CA9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4144-11-0x00007FF9F3AA0000-0x00007FF9F3CA9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4144-14-0x00007FF9C1D50000-0x00007FF9C1F59000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4144-13-0x00007FF9C1D50000-0x00007FF9C1F59000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4144-23-0x00007FF9BF620000-0x00007FF9BF994000-memory.dmp

    Filesize

    3.5MB

    Download

  • memory/4144-25-0x00007FF9BF620000-0x00007FF9BF994000-memory.dmp

    Filesize

    3.5MB

    Download

  • memory/4144-31-0x00007FF9F3AA0000-0x00007FF9F3CA9000-memory.dmp

    Filesize

    2.0MB

    Download