Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

1eb09eab83...cc.exe

windows7-x64

10

1eb09eab83...cc.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    156s
  • max time network
    180s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2023, 10:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1eb09eab835bb8295c10bc42f04a9f5379da88131996e603ec0643e3700e2bcc.exe

  • Size

    47KB

  • MD5

    dea7def17c0c3922477acb38a8ec87ad

  • SHA1

    1a1f0730b3596d2d91c1afcd3b83b0355ecbe841

  • SHA256

    1eb09eab835bb8295c10bc42f04a9f5379da88131996e603ec0643e3700e2bcc

  • SHA512

    cd52ccf48c2ccdd0c5ebe9b71d1ad405df0e38fa1c9e736f20a0c847be3363d334cc2b91b91f8a18b4b1148d98516ac5628ba73f1c77d3dd1ae97d043138945f

  • SSDEEP

    768:l9umxLiIL1CaS+DiwQVxJbia8Ybzgeq61H/fG/vEgK/JjZVc6KN:l9uAPWwS3zbskHynkJjZVclN

Score
10/10
asyncrat18septiembrerat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

18Septiembre

C2

actualizaciondedatosgrupoaval.net:1011

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Async RAT payload 1 IoCs
    rat

Processes

  • C:\Users\Admin\AppData\Local\Temp\1eb09eab835bb8295c10bc42f04a9f5379da88131996e603ec0643e3700e2bcc.exe
    "C:\Users\Admin\AppData\Local\Temp\1eb09eab835bb8295c10bc42f04a9f5379da88131996e603ec0643e3700e2bcc.exe"
    1⤵
      PID:2088

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2088-0-0x0000000000020000-0x0000000000032000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2088-1-0x000007FEF5840000-0x000007FEF622C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2088-2-0x000000001B0A0000-0x000000001B120000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2088-3-0x000007FEF5840000-0x000007FEF622C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2088-4-0x000000001B0A0000-0x000000001B120000-memory.dmp

      Filesize

      512KB

      Download