Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

09 NOTIFIC......exe

windows7-x64

10

09 NOTIFIC......exe

windows10-2004-x64

10

Resubmissions

31/10/2023, 19:59

231031-yqxbrafd25 10

31/10/2023, 19:56

231031-yn5v4sdb9v 5

Analysis

  • max time kernel
    120s
  • max time network
    174s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    31/10/2023, 19:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09 NOTIFICACION DEMANDA JUDICIAL/09 NOTIFICACION DEMANDA JUDICIAL....exe

  • Size

    658KB

  • MD5

    ab63396cb0774ac41107b7b112f81d5a

  • SHA1

    f5dc67429147e886b01413472496576a2ee34075

  • SHA256

    9a43c57f3e98bd69789e8ccbeef2c1b6b5a3b1d06d63257bb4bd58dffa23689d

  • SHA512

    2121961ae2b154ba941af6937d0522505ec7e323094fb2edc7058194ae958bcf866bbbc7842924236b8635917800d0708eaabff6112f131f496189bb6e021699

  • SSDEEP

    12288:BKwp3N7HPqUeL31VI1kR8BgrsEofzwHJem7OzwHJe0IhfiZ:swp97HyUeLFVIuRCgrsEorwpemIwpels

Score
10/10
asyncratclientesrat

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Clientes

C2

enviofinal.kozow.com:5051

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_file

    System.exe

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Async RAT payload 1 IoCs
    rat
  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09 NOTIFICACION DEMANDA JUDICIAL\09 NOTIFICACION DEMANDA JUDICIAL....exe
    "C:\Users\Admin\AppData\Local\Temp\09 NOTIFICACION DEMANDA JUDICIAL\09 NOTIFICACION DEMANDA JUDICIAL....exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:764
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\SysWOW64\cmd.exe
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:2708
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:2768

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\29362f6c
    Filesize

    638KB

    MD5

    3795d2eef4bb3b5afa1ab68510b15d13

    SHA1

    67913cbf6047dcb411b7a4e5d9d16ad32f9c08f3

    SHA256

    36e1b3811060375f5b55723e27f578d929605f0de0f43915f7fb1eefe4820eba

    SHA512

    f62027304d81ae23089c44d3f9afafd3b52cb1e6579ceb351f3584371505cb7335b785f7a44de0a1f5b99fb27abae5226a8a9c8795873929e7bf5b24ed59aefc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab62AB.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • memory/764-29-0x000007FEF6270000-0x000007FEF63C8000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/764-30-0x000007FEF6270000-0x000007FEF63C8000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/764-0-0x000007FEF6270000-0x000007FEF63C8000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2708-33-0x0000000077380000-0x0000000077529000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2708-79-0x0000000074D20000-0x0000000074E94000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2708-80-0x0000000074D20000-0x0000000074E94000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2708-83-0x0000000074D20000-0x0000000074E94000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2768-82-0x0000000072900000-0x0000000073962000-memory.dmp

    Filesize

    16.4MB

    Download

  • memory/2768-85-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2768-86-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2768-87-0x0000000073FB0000-0x000000007469E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2768-88-0x0000000004B60000-0x0000000004BA0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2768-89-0x0000000073FB0000-0x000000007469E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2768-84-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2768-106-0x0000000004B60000-0x0000000004BA0000-memory.dmp

    Filesize

    256KB

    Download