Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
01/12/2022, 09:02
General
-
Target
c81547b192e71dc1c4859368795cb687be1cc5a9e2f2c5137ee290cfb8d504fe.exe
-
Size
205KB
-
MD5
5bd790f9ad826b59173a72498f9a96e5
-
SHA1
36a1e9bbc5774f96681740e8216923e0377d05be
-
SHA256
c81547b192e71dc1c4859368795cb687be1cc5a9e2f2c5137ee290cfb8d504fe
-
SHA512
f8a7eb6143e150a4483228043e363969bdadb3d1f47e34912ebebc898bbb007db35384c9a4472c8ab556b4428f8903b2f5bd6bc3eab627954d63236af85400b8
-
SSDEEP
3072:QZkRi4rZqDjiuHg76dGMGK/P833iO779p9cFe6Q1cdE0SI1PbHNRTG64IoX:QWRTmaW9GH33hXCeBuEObHNRTG64
Score
10/10
Malware Config
Extracted
Family
xtremerat
C2
juliosouza.no-ip.org
Signatures
-
Detect XtremeRAT payload 1 IoCs
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Modifies Installed Components in the registry 2 TTPs 2 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c81547b192e71dc1c4859368795cb687be1cc5a9e2f2c5137ee290cfb8d504fe.exe"C:\Users\Admin\AppData\Local\Temp\c81547b192e71dc1c4859368795cb687be1cc5a9e2f2c5137ee290cfb8d504fe.exe"1⤵
- Modifies Installed Components in the registry
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
488KB
-
Filesize
488KB