Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
234s -
max time network
270s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
02/11/2023, 22:40
General
-
Target
b046da80787fed0792c71c1e12aa0c8fe8820d7ae596d35b14bc7b59d1b25d52.exe
-
Size
524KB
-
MD5
ec4f2a8591e9713ddf2d5477e3a54fd6
-
SHA1
79c651cb242fcb589a956a325b2976696634d914
-
SHA256
b046da80787fed0792c71c1e12aa0c8fe8820d7ae596d35b14bc7b59d1b25d52
-
SHA512
d019205571bd7abcd0962ba8ac541ccaf3ce496a3a1c14692e166476841fcd53caf66a5f822160a0379bbaea8ec4e4d43f1af199fa346963e6be15825db838d4
-
SSDEEP
12288:CdQrj/XnkIz2wf9kcvb9kuczLXfWfo10NS6RPRb1:VzT9hczLX8nb1
Malware Config
Signatures
-
Detect PurpleFox Rootkit 2 IoCs
Detect PurpleFox Rootkit.
-
Gh0st RAT payload 2 IoCs
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
Processes
-
C:\Users\Admin\AppData\Local\Temp\b046da80787fed0792c71c1e12aa0c8fe8820d7ae596d35b14bc7b59d1b25d52.exe"C:\Users\Admin\AppData\Local\Temp\b046da80787fed0792c71c1e12aa0c8fe8820d7ae596d35b14bc7b59d1b25d52.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92B
MD57acda01543b5c884dfb055af69d0e11c
SHA153b2aa68436fb388ecc2eedf444890cf0c3e6961
SHA256988db6255ee39962639d942a32e9c682129e4ab60abc0447ea631dafd2c1c474
SHA512e483ba03addea44b8e8e02e74826f538e47ec281fbda855a4aec06a8a0d4e4ef7656e73b92881071fdc9c6374de8511ca1fd777ab4fd409af774272a67bb2f39
-
Filesize
1.7MB
-
Filesize
1.7MB