Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
28s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
07/06/2023, 01:00
General
-
Target
b5a07ffef279e824561d2fb7c6f3f8f2ce86f8fd407fd091820fa35f4dc3a99a.exe
-
Size
47KB
-
MD5
03fdb837e1130cd4e144fb0afcb67659
-
SHA1
127af3af7cd8e35c13a9d4f8b12a6da982221cca
-
SHA256
b5a07ffef279e824561d2fb7c6f3f8f2ce86f8fd407fd091820fa35f4dc3a99a
-
SHA512
5f2227caf8569d0e0991ee13d495c6c075e0345a660243a2dceff32b5422c840a15818dd0cc1eaa767339f7c2f7a8954fb1746f4a80ffb6ace26b16071323905
-
SSDEEP
768:NOEuILWCKi+Dijuiv8YbwgeLTvEgK/JnZVc6KN:NOtm5zb3KTnkJnZVclN
Score
10/10
Malware Config
Extracted
Family
asyncrat
Version
1.0.7
Botnet
vpsruso5JUNIO
C2
185.106.93.148:2020
Mutex
DcRatMutex_qwqdanchun
Attributes
-
delay
1
-
install
false
-
install_folder
%AppData%
aes.plain
Signatures
-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Async RAT payload 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b5a07ffef279e824561d2fb7c6f3f8f2ce86f8fd407fd091820fa35f4dc3a99a.exe"C:\Users\Admin\AppData\Local\Temp\b5a07ffef279e824561d2fb7c6f3f8f2ce86f8fd407fd091820fa35f4dc3a99a.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
-
Filesize
512KB