Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
40s -
max time network
36s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
24/08/2024, 11:50
General
-
Target
ug.exe
-
Size
3.5MB
-
MD5
c02f0310508709cb3a7f7e414cc98115
-
SHA1
799ca2eadb0f5aab0c3a68f8ed260988c193d23f
-
SHA256
675f36891fedbe18f4a551818d762790a17138d9c2ac57f4bb2ff45abc146507
-
SHA512
f951df3b93cb6007fb927c345bf33e5487279bf1dca795f5e798fe9c580a67431cf817c564b7152d1f545a327a43466ce10725ddafe60ac672ab31a4ae142cbc
-
SSDEEP
98304:IaIVmRrKA+NrLOgq1oVIC8ykQEg+bYTWwXptBv4EPk7X1Qz:1IYR4Kgq1eR8SKwZXvBPeaz
Malware Config
Signatures
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload 2 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ug.exe"C:\Users\Admin\AppData\Local\Temp\ug.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\~sfx0022F60E94\KHAN x CHEATS.exe"C:\Users\Admin\AppData\Local\Temp\~sfx0022F60E94\KHAN x CHEATS.exe"2⤵
- Executes dropped EXE
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.1MB
MD5c19e9e6a4bc1b668d19505a0437e7f7e
SHA173be712aef4baa6e9dabfc237b5c039f62a847fa
SHA2569ac8b65e5c13292a8e564187c1e7446adc4230228b669383bd7b07035ab99a82
SHA512b6cd0af436459f35a97db2d928120c53d3691533b01e4f0e8b382f2bd81d9a9a2c57e5e2aa6ade9d6a1746d5c4b2ef6c88d3a0cf519424b34445d0d30aab61de
-
Filesize
4.1MB
MD583ccf8905ca94e63a0edbec1cd4955f7
SHA1f3c9231780bfa30ead089a6eaf055b944f8289b9
SHA256c1db115b69ab6d3f28080a867989f4aff44464b6140af10e90d00a7b6cfa2c02
SHA5125657a740be2e5fae15c18d00cd1a2bd3a88ceebe6fb155ff26884314f094e680d0afd2112caa7c12e024294b0b6f26f8a5333a831f2500779a0d0ddfb05c4a3e
-
Filesize
565B
MD598dbb4a9bc384dca6b79a47886c42891
SHA1028caef2a44a0bfc41ef8f0c7149952ff1022a01
SHA2564e12056f6c6ff7d05f4dfd957586aeb41fe563677c57ae2fc43aff8aa2bcf970
SHA512fabca42ffbba0e98ca5d90a95d2d849d27e42614b0c5dd6387e1994b7794e009fe27d060f26950527a614eb67319c12c2bc52563f975bfd4f570d5f7e58ee71e
-
Filesize
159KB
MD5be46313ca3e6c9246b52784b4ce64442
SHA1db2d8e87f9fd9f650957b2fae9e4a720abf2daa5
SHA25697a4017b637e86fd05447f0529cc99d99ce8341b64ac17edd0dcd058522f95ee
SHA512ecdfdc9a09c2487d176148404ec469ae8ca468537733e5dbaea30e6c35e39fba16f57952c6132bdc400145010ab804755357efb7094299a9048bb851579af569
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
2.1MB
-
Filesize
10.8MB
-
Filesize
4.1MB
-
Filesize
240KB
-
Filesize
8KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
72KB
-
Filesize
8KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.4MB