Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

bPyj.exe

windows7-x64

10

bPyj.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    04/09/2023, 09:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bPyj.exe

  • Size

    47KB

  • MD5

    3d368131608f322b6483637db18a1828

  • SHA1

    6eefb2bdd93843af11fb69bc0979b593e499a480

  • SHA256

    55023584cad284f8c24be6d43ad6c551c08754bf2ed23e9e34b15b5d9df42582

  • SHA512

    49244e80ce12314342982e3e2bd71b17dd817c09bd106135f3b2ca4ac84c5867ef35b02e8a5faf0e8915d2c29b338d08a73f2e21785102ac766d579815e320a4

  • SSDEEP

    768:wq+s3pUtDILNCCa+DikFZdgrcqis+8YbLgeCcmPCM8vEgK/J3ZVc6KN:wq+AGtQOkirUzb08mPCfnkJ3ZVclN

Score
10/10
asyncratvbs09rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

VBS09

C2

4Mekey.myftp.biz:8848

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Async RAT payload 1 IoCs
    rat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bPyj.exe
    "C:\Users\Admin\AppData\Local\Temp\bPyj.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Cab35C2.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • memory/2376-0-0x0000000000A10000-0x0000000000A22000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2376-1-0x000007FEF5FE0000-0x000007FEF69CC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2376-2-0x000000001B1B0000-0x000000001B230000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2376-19-0x000007FEF5FE0000-0x000007FEF69CC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2376-20-0x000000001B1B0000-0x000000001B230000-memory.dmp

    Filesize

    512KB

    Download