Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

for u kris...er.exe

windows7_x64

10

for u kris...er.exe

windows10_x64

10

Analysis

  • max time kernel
    151s
  • max time network
    156s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    30/01/2022, 16:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    for u krishna my pic and video fldr/for u krishna my pic and video folder.exe

  • Size

    1.0MB

  • MD5

    7cf75ee5180b4896f93b762ea0057e04

  • SHA1

    633004d24a7dca046f10e419cd83728fd6be4a77

  • SHA256

    0ec4af0779080f9b0b534a6b1b6f1f09ee205cf49a4334046d683d1cce84d3a0

  • SHA512

    4019a01efd5be0a0aef9708e4c359147efbdb4066da7f2418ea5632686ddaac29247d201b5cf154276d22dad7c7b8d61523cb049bde9bd6048133a06ee4c1eee

Score
10/10
crimsonratrat

Malware Config

Signatures

  • CrimsonRAT Main Payload 2 IoCs
  • CrimsonRat

    Crimson RAT is a malware linked to a Pakistani-linked threat actor.

    ratcrimsonrat
  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\for u krishna my pic and video fldr\for u krishna my pic and video folder.exe
    "C:\Users\Admin\AppData\Local\Temp\for u krishna my pic and video fldr\for u krishna my pic and video folder.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:528
    • C:\ProgramData\Dharvdv\rvmthgarna.exe
      "C:\ProgramData\Dharvdv\rvmthgarna.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:4004

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/528-115-0x0000000003190000-0x0000000003192000-memory.dmp

    Filesize

    8KB

    Download

  • memory/528-117-0x0000000003192000-0x0000000003194000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4004-120-0x000002D3C7270000-0x000002D3C7C18000-memory.dmp

    Filesize

    9.7MB

    Download

  • memory/4004-121-0x000002D3C97E0000-0x000002D3C97E2000-memory.dmp

    Filesize

    8KB

    Download