Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

c73113228c...74.exe

windows7-x64

10

c73113228c...74.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    168s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    03/12/2022, 08:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c73113228c08c10eb206e1d32c37e92c38c526a42d70357042aee41e7c6c1d74.exe

  • Size

    83KB

  • MD5

    9ea10769a44c13354db57f6fc2d01228

  • SHA1

    9762e68168b428073a4550698926dfd36c2d9c8a

  • SHA256

    c73113228c08c10eb206e1d32c37e92c38c526a42d70357042aee41e7c6c1d74

  • SHA512

    5ae20bf04d1733f0bbc272e85995b1d0636b528dc06fe4896c09852a5f6afbe6f2d25c1faf952d38f11be0f9cf345bfda5e5acac7539fa149e1ae13ceca715a1

  • SSDEEP

    1536:vov8KAfHKom0o2CFxAhFbzFHFzwY2b6zhixWWLsZWK3hHGD6dFI:gteqovoTFChFblFds2i+ZPJ2EFI

Score
10/10
gh0stratrat

Malware Config

Signatures

  • Gh0st RAT payload 4 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 51 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c73113228c08c10eb206e1d32c37e92c38c526a42d70357042aee41e7c6c1d74.exe
    "C:\Users\Admin\AppData\Local\Temp\c73113228c08c10eb206e1d32c37e92c38c526a42d70357042aee41e7c6c1d74.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1648
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k imgsvc
    1⤵
    • Deletes itself
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:2008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\1439100.dll
    Filesize

    101KB

    MD5

    e4f86e223ecfaf6f4d872e85a676cac3

    SHA1

    b624a146f51694dbe21a144a915b0bc09c88b4ec

    SHA256

    1def30f1927668581deb10561ad4ab2d135fb9bfcfc0d31af480a72e3cad7e27

    SHA512

    b97e0259640dc2b4614a25b441caef6db7265b0e3c92f348d2199c0e56116e750af5f57b7c484e8e7158ee318f245184560de55f33c3a92148c52928211ac5c8

    Download Submit

  • \??\c:\NT_Path.jpg
    Filesize

    117B

    MD5

    1948bba35606b6eda55970ada72a8a25

    SHA1

    66dfb67d3802ea4ee6a649ccd8dab06013953057

    SHA256

    ed2836751081a29fa8581747498bbcbb3955e2d0253cfb81047492399d15b8d6

    SHA512

    594ad8a78b276119620799f3d90beab8cd58934337e743ad5e45b5d49a3c0fd0cea7bde954106cd86601e2ca4b1d8ad3790995e8efd4e2a622f43fbfc9519a9c

    Download Submit

  • \??\c:\program files (x86)\letj\tskxencvq.jpg
    Filesize

    8.7MB

    MD5

    7160218f0473b161a8b5c8e2fc388563

    SHA1

    a2dbb799a8b7393630d6ce8c7d14574feed0f08c

    SHA256

    e52daade0f6bfd2b8b2db3a8a7b5d0168ab334b2ecfb511155a4bfac376f3d8a

    SHA512

    783bf6651f4650a1678f27f7584b3e8712a6bf2beb135139b46f0f4355c978dac60d2e433dbef44e72922f2a1d7af1c080e96d4ee1f4b157fccf5423b312dcfb

    Download Submit

  • \Program Files (x86)\Letj\Tskxencvq.jpg
    Filesize

    8.7MB

    MD5

    7160218f0473b161a8b5c8e2fc388563

    SHA1

    a2dbb799a8b7393630d6ce8c7d14574feed0f08c

    SHA256

    e52daade0f6bfd2b8b2db3a8a7b5d0168ab334b2ecfb511155a4bfac376f3d8a

    SHA512

    783bf6651f4650a1678f27f7584b3e8712a6bf2beb135139b46f0f4355c978dac60d2e433dbef44e72922f2a1d7af1c080e96d4ee1f4b157fccf5423b312dcfb

    Download Submit

  • memory/1648-54-0x0000000075811000-0x0000000075813000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1648-56-0x0000000000240000-0x000000000027D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1648-55-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1648-57-0x0000000000240000-0x000000000027D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1648-63-0x0000000000240000-0x000000000024D000-memory.dmp

    Filesize

    52KB

    Download