Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

aae60b0734...f2.exe

windows7-x64

10

aae60b0734...f2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/12/2022, 15:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aae60b0734321c13187e07987ef2622892e819354e1eef478eb520166c4c01f2.exe

  • Size

    71KB

  • MD5

    1d8f6aec6bdc4f530c18ac667170f82c

  • SHA1

    627233894ce3c894283c61f1658944ea15c6a263

  • SHA256

    aae60b0734321c13187e07987ef2622892e819354e1eef478eb520166c4c01f2

  • SHA512

    dfc22d815bf3e2356f45855a627defc5c1b651c2e33666250f33e89f0b5445ab4c2ecd8776ce2726c042f37d2ad6a5bb30fc31bac5b1aa5333618eecc90ac159

  • SSDEEP

    1536:jWZpTtLcWyeYd4//yEZc1GJf7/QP4uiryS5e:+pZTvnyEZiGJ7/QguiryS5e

Score
10/10
gh0stratrat

Malware Config

Signatures

  • Gh0st RAT payload 4 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aae60b0734321c13187e07987ef2622892e819354e1eef478eb520166c4c01f2.exe
    "C:\Users\Admin\AppData\Local\Temp\aae60b0734321c13187e07987ef2622892e819354e1eef478eb520166c4c01f2.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1264
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k imgsvc
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:1540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\3014400.dll
    Filesize

    64KB

    MD5

    747cb6693b4395dfb17d801271273c83

    SHA1

    68aa34cc79dfccd8590b08eaaf9e44776420924d

    SHA256

    56a18a9d5c006a3ae78907faba4f7ff69c8249c99fa11bfd6646d1c85d537fd2

    SHA512

    3c8e408222bd7d8dfce02b9c6c9e99d677f507a6968865b23fe51680282809a431ec94635856d3d8e38783d70f0aaa15bb3d566d33d28cf40f944c833243e43a

    Download Submit

  • C:\3014400.dll
    Filesize

    64KB

    MD5

    747cb6693b4395dfb17d801271273c83

    SHA1

    68aa34cc79dfccd8590b08eaaf9e44776420924d

    SHA256

    56a18a9d5c006a3ae78907faba4f7ff69c8249c99fa11bfd6646d1c85d537fd2

    SHA512

    3c8e408222bd7d8dfce02b9c6c9e99d677f507a6968865b23fe51680282809a431ec94635856d3d8e38783d70f0aaa15bb3d566d33d28cf40f944c833243e43a

    Download Submit

  • C:\Program Files (x86)\Xtxq\Xcqpsdkvg.jpg
    Filesize

    4.1MB

    MD5

    14b917be54326b18918f224015985532

    SHA1

    123052e7a1f5c3ae7c5b0b155cfd413a1a0742d7

    SHA256

    324f608ff71212dc12e1772a96a19c85c339824042b4517b88975ba0f3aac350

    SHA512

    2f7ab0d51a6d8e02d39ba9dc8e691e7c73aa7d5531b7c69025003447a70278338556c6b0edb722dca428e11591b8055557a5d7e03dd01d235f20ddf53412f48a

    Download Submit

  • \??\c:\NT_Path.jpg
    Filesize

    117B

    MD5

    c3385cff363fe815f08d006247cc740a

    SHA1

    99f9e894306d8e3beb7bd1b81a615bf76f0ffa09

    SHA256

    acbadb9865b95acc6d39f56baf6d8da767c885b60f9fc866078db38fbf4b732f

    SHA512

    bceebc99519775564f65c4ca0dc26f14d130e29782ae2ace162315a63b9d2193f7c53c523c71ad3852f037f0d8aae2b54e42ff6a4f888bc35abd8e77eb390836

    Download Submit

  • \??\c:\program files (x86)\xtxq\xcqpsdkvg.jpg
    Filesize

    4.1MB

    MD5

    14b917be54326b18918f224015985532

    SHA1

    123052e7a1f5c3ae7c5b0b155cfd413a1a0742d7

    SHA256

    324f608ff71212dc12e1772a96a19c85c339824042b4517b88975ba0f3aac350

    SHA512

    2f7ab0d51a6d8e02d39ba9dc8e691e7c73aa7d5531b7c69025003447a70278338556c6b0edb722dca428e11591b8055557a5d7e03dd01d235f20ddf53412f48a

    Download Submit