Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

7.0.0.0.exe

windows7-x64

7

7.0.0.0.exe

windows10-2004-x64

7

ILMerge.exe

windows7-x64

1

ILMerge.exe

windows10-2004-x64

1

pack/AbPmX.exe

windows7-x64

10

pack/AbPmX.exe

windows10-2004-x64

10

pack/AcAoB.exe

windows7-x64

10

pack/AcAoB.exe

windows10-2004-x64

10

pack/AdEXN.exe

windows7-x64

10

pack/AdEXN.exe

windows10-2004-x64

10

pack/AeCKK.exe

windows7-x64

1

pack/AeCKK.exe

windows10-2004-x64

1

pack/AeSRJ.exe

windows7-x64

7

pack/AeSRJ.exe

windows10-2004-x64

7

pack/AfDTM.exe

windows7-x64

10

pack/AfDTM.exe

windows10-2004-x64

10

pack/AfMaR.exe

windows7-x64

10

pack/AfMaR.exe

windows10-2004-x64

10

pack/AfZcW.exe

windows7-x64

10

pack/AfZcW.exe

windows10-2004-x64

10

pack/AnWLP.exe

windows7-x64

1

pack/AnWLP.exe

windows10-2004-x64

1

pack/AnZNZ.exe

windows7-x64

10

pack/AnZNZ.exe

windows10-2004-x64

10

pack/ApRnS.exe

windows7-x64

10

pack/ApRnS.exe

windows10-2004-x64

10

pack/AqDpY.exe

windows7-x64

1

pack/AqDpY.exe

windows10-2004-x64

1

pack/AsNMX.exe

windows7-x64

1

pack/AsNMX.exe

windows10-2004-x64

1

pack/AwHQZ.exe

windows7-x64

10

pack/AwHQZ.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    159s
  • max time network
    169s
  • platform
    windows7_x64
  • resource
    win7-20220715-en
  • resource tags

    arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
  • submitted
    10/08/2022, 11:00 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pack/AfDTM.exe

  • Size

    47KB

  • MD5

    81a1f53a7e0431c385b3537c9e86e9ca

  • SHA1

    fee349b7f96843c91ed47a19f9aa2f58520ddb1c

  • SHA256

    c47cc8f39a3d676895f1bbb92f94d50d5e5d20f7be816b76c09b08cef4d380a7

  • SHA512

    626f5d74a98e3b8cc8f3be3ea7d5611918731a35331dad3603d18426cefd694e6d66b46fb277c46300792c3da930022fc6db28afb68a6e9e4d974a90c9e091c4

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

192.168.1.4:8848

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain
1
b2PqhSwfT3jOSZuQzSq5R2XLGdujl7zz

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers.

    ratasyncrat
  • Async RAT payload 1 IoCs
    rat

Processes

  • C:\Users\Admin\AppData\Local\Temp\pack\AfDTM.exe
    "C:\Users\Admin\AppData\Local\Temp\pack\AfDTM.exe"
    1⤵
      PID:2024

    Network

      No results found
    • 192.168.1.4:8848
      AfDTM.exe
      152 B
       3
    • 192.168.1.4:8848
      AfDTM.exe
      152 B
       3
    • 192.168.1.4:8848
      AfDTM.exe
      152 B
       3
    • 192.168.1.4:8848
      AfDTM.exe
      152 B
       3
    • 192.168.1.4:8848
      AfDTM.exe
      152 B
       3
    • 192.168.1.4:8848
      AfDTM.exe
      52 B
       1
    No results found

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2024-54-0x0000000000C40000-0x0000000000C52000-memory.dmp

      Filesize

      72KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.