Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

285574f2af...d9.exe

windows7-x64

10

285574f2af...d9.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/09/2022, 22:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    285574f2af1fee8009e412086a380901bda19e556ab0668517cd899935c54fd9.exe

  • Size

    170KB

  • MD5

    e52837d708ea63b059be2b6a2808a6ce

  • SHA1

    0ecd5098f0e1559ae8fb1434c987e710ad09c14b

  • SHA256

    285574f2af1fee8009e412086a380901bda19e556ab0668517cd899935c54fd9

  • SHA512

    4e9d77a70426476fad82fa6d827504c32d3b02c8020780e5587f3312a1e70f9fe1d7a05cdda2380e936adee8621710f41f1b1f3d195ef4e1e85d7e6a4bbe43b8

  • SSDEEP

    3072:54fSWcZQ5wsMCkE847UR4dbZvwb/PTdvieqove:5m7Wa8qmCZvwbjgeqoW

Score
10/10
gh0stratrat

Malware Config

Signatures

  • Gh0st RAT payload 4 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\285574f2af1fee8009e412086a380901bda19e556ab0668517cd899935c54fd9.exe
    "C:\Users\Admin\AppData\Local\Temp\285574f2af1fee8009e412086a380901bda19e556ab0668517cd899935c54fd9.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2376
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k imgsvc
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:4896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\3104300.dll
    Filesize

    112KB

    MD5

    851b44c29b52abbccffe8614b3467f16

    SHA1

    ecbce1a3a910cf39274525594f6d3a9a72aaa5e7

    SHA256

    11391efc3613af1a12993195168eb0a9a58858b5ce679768d60a281cb9ab6c31

    SHA512

    e0de7a25323de88bb665dadd671bff3a80a34cf19057c04c4373382cd1d5e11310c97e4541659baa7e4ace020a2440ba548f4fa0865b2032739aaa16a41e5acf

    Download Submit

  • C:\3104300.dll
    Filesize

    112KB

    MD5

    851b44c29b52abbccffe8614b3467f16

    SHA1

    ecbce1a3a910cf39274525594f6d3a9a72aaa5e7

    SHA256

    11391efc3613af1a12993195168eb0a9a58858b5ce679768d60a281cb9ab6c31

    SHA512

    e0de7a25323de88bb665dadd671bff3a80a34cf19057c04c4373382cd1d5e11310c97e4541659baa7e4ace020a2440ba548f4fa0865b2032739aaa16a41e5acf

    Download Submit

  • C:\Program Files (x86)\Aexc\Rgsyknvkv.pic
    Filesize

    2.3MB

    MD5

    99cd8ff7686a2d8fb5d2b287dfff5565

    SHA1

    de4400a596b613d04ceb3c0ee3cf590fc950554a

    SHA256

    00a690fa80b731ae5f98447e9965b40895730f412b250bd015a273ebc491a2aa

    SHA512

    6fc514c421be4c80bc0882178e2381ec7dbb00ecd8125a7b7ec746ced9e8aa36ac8e6c84a32a9e1dd2eccf8347aedf69189372ebd639d5eb4ef216113e337474

    Download Submit

  • \??\c:\NT_Path.jpg
    Filesize

    117B

    MD5

    a6d27df05abf6ed9720bf167e52cab99

    SHA1

    e9cbb4f96a1dee2c0690416b371b23982382e00f

    SHA256

    26c6a2e283fcb2c20591af342f2d99e212689c8a2fea5e65b4b7d5f27042de3a

    SHA512

    432b89dadf021fc875b24d811480131ef0cc858dfc28b4df52ff4fde8237f53487186ea26f210f22303e978133ece466a08d74300c1106dc8b76e528f60834f5

    Download Submit

  • \??\c:\program files (x86)\aexc\rgsyknvkv.pic
    Filesize

    2.3MB

    MD5

    99cd8ff7686a2d8fb5d2b287dfff5565

    SHA1

    de4400a596b613d04ceb3c0ee3cf590fc950554a

    SHA256

    00a690fa80b731ae5f98447e9965b40895730f412b250bd015a273ebc491a2aa

    SHA512

    6fc514c421be4c80bc0882178e2381ec7dbb00ecd8125a7b7ec746ced9e8aa36ac8e6c84a32a9e1dd2eccf8347aedf69189372ebd639d5eb4ef216113e337474

    Download Submit